Newcastle suffers data loss

Council admits accidentally exposing cardholder data

Written by Phil Muncaster

IT Week, 27 Jul 2007

Newcastle City Council has become the latest organisation to suffer a data breach when it announced yesterday that credit and debit card details of up to 54,000 people had been exposed.

The council said in a posting on its web site's home page that there had been an "inappropriate release" of names, addresses and card numbers relating to transactions made between February and April this year.

The situation came to light after the council hired a security expert to test its systems and found that on one occasion a file "had been wrongly placed on an insecure server, and subsequently uploaded to a computer address registered outside the country".

However the council is insisting that all data was securely encrypted and that there is no indication of any fraud or misuse. In addition, the servers concerned were shut down as soon as the breach was discovered and the banking sector, the police and the Information Commissioner were immediately informed, it said.

Graham Smith of consultancy AppLabs said quality assurance and testing is paramount to ensure that any bugs in systems are located well before any sensitive information is handled.

"Newcastle is the latest incident in a long line of public sector IT disasters," he added. "As these organisations become more reliant on technology, these breaches are set to become an even more common occurrence, unless they start to take the issue of quality assurance and testing of IT seriously.

Kevin Bocek of encryption specialist PGP said the incident highlights a recent trend of firms disclosing data loss voluntarily rather than risking the "embarrassment of accidental disclosure down the line".

"While Newcastle CC should be commended for being so upfront with the public, questions need to be raised as to why such sensitive citizen information was held on an unsecured server," he added. "If organisations want to take a holistic approach to defending the data they need to move away from ad-hoc measures and look to implement a comprehensive enterprise data protection strategy to protect data wherever it goes."

Tags:

reader comments

related articles

EU flag

UK internet users want to be informed of data losses

Survey findings provide further evidence that the public want a US-style data breach notification law 30 Apr 2007

 

Liverpool City council fined for DPA breach

DPA lapses cost council dear 02 Jan 2007

Data breach law divides experts

US-style legislation could be a good move according to RSA roundtable attendees 06 Jul 2007

Review 2007: IT security and e-crime

Computing's review of the year looks back at the top IT security and cybercrime stories 20 Dec 2007

'Home Office' disc wedged in laptop sold on eBay

Another potential data breach scandal for the government 28 Feb 2008

Communications

Banks should be liable for e-fraud

House of Lords committee describes current system as 'wholly unsatisfactory' 11 Jul 2008

related whitepapers

today's top stories

Management

Solid as a rock - business continuity in a global manufacturer

From power supply problems in Nigeria to email availability in Stockport, PZ Cussons is prepared for anything 02 Dec 2008

Security

Technology and privacy

Watch the final video in a two-part Computing roundtable debate on the importance of putting data privacy issues at the heart of your IT plans 02 Dec 2008

Management

IT staff desperate to keep their jobs

Most would work longer hours for less pay 02 Dec 2008

Software

VMware View 3 enhances virtual desktops

Virtual clients now take up less storage space and can be 'checked out' to a laptop 02 Dec 2008

Security

Technology and privacy

Watch part one of a two-part Computing roundtable debate on the importance of putting data privacy issues at the heart of your IT plans 01 Dec 2008

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Will the terrorist attacks in Mumbai affect your offshoring plans?

Will the terrorist attacks in Mumbai affect your offshoring plans?

Is India becoming a risky destination?

Previous poll results

> More polls

Latest audio and video articles

Padlocked CDVideo

Technology and privacy

Watch the final video in a two-part Computing roundtable debate on the importance of putting data privacy issues at the heart of your IT plans 02 Dec 2008

Podcast imageAudio

Computing podcast - Standard Life's offshoring plans; and the prospects for government IT

The insurance giant outlines its new outsourcing strategy; and we ask if the government's economic bailout will affect its IT plans 28 Nov 2008

> More audio and video

Latest in-depth articles

Parcel being packedFeatures

Case study: eSpares and business continuity

Online electricals business has managed to decrease its downtime 02 Dec 2008

Royal Blackburn HospitalFeatures

NHS trust recovers from server overdose

Virtualisation technology breathed new life into East Lancashire's cost-intensive system 02 Dec 2008

> More in depth articles

Advertisement

Primary Navigation