IT services company Capita has apologised for the "regrettable error" that saw the personal information and credit card details of local residents in Lambeth, London, emailed as plain text.
One member of Lambeth Council has called for an inquiry into the incident, which was first reported by ZDNet UK on Tuesday. Capita is still refusing to reveal how many residents were affected by the glitch, which affected Lambeth's online council tax system.
The incident took place last week and only came to light after an alert council tax payer in Lambeth warned the council of the problem.
According to a statement issued by Capita on Wednesday, the incident "was caused by a member of Capita staff who, during a complex software upgrade, omitted to activate the encryption code which masks certain customer details". As a result the details were shown in plain text in the emails sent to confirm payment and as a result could be seen by anyone who intercepted the email.
"Lambeth Council and Capita apologise for this regrettable but isolated error," said Capita in a statement. This "affected a small number of citizens", Capita added, without revealing how many had been affected.
The mistake is particularly serious, given the risks posed by ID theft today. Capita insisted that it was "an isolated error that has never occurred before" and said it has " reviewed its processes and staff training to mitigate such a situation recurring".
Capita also said that it "took prompt action to rectify the error within 48 hours", but did not explain why it took two days to rectify the mistake.
"This is quite clearly unacceptable," said Councillor Daniel Sabbagh, the finance spokesman for the opposition Labour Party in Lambeth. "We will be asking for further information, and demanding a full inquiry to ensure that no resident has lost out as a result of this security breach."
On Tuesday, a Lambeth Council spokeswoman said that it was "unacceptable for this information to be displayed [in this way]".