Council's security blunder exposes card details
A security blunder at Newcastle City Council has exposed the credit and debit card details of up to 54,000 people online.
The breach was discovered on 19 July after the council hired an independent security expert to try and crack its systems. The security exercise found an encrypted file containing names, addresses, and credit and debit card numbers had been mistakenly placed on an insecure server.
An internal investigation also revealed that the file with all the card details had been accessed and uploaded to a computer IP address registered in Israel. Newcastle City Council claims there is no indication of any fraud on the affected cards.
The file contained details of payments for council tax, business rates, parking fines and rents for more than a year between February 2006 and April 2007. The council has informed the banks, police and the Information Commissioner about the breach and said a full investigation into the security breach is underway.
But a council spokesman said those people whose card details were exposed online will not be contacted individually by the council.
He said: "It's a question of resources. There could be up to 54,000 people affected. It is up to cardholders themselves — it is best for people to keep an eye on their credit and debit card statements and notify the banks of anything suspicious straight away."
Newcastle City Council said it closed down the insecure computer servers straight away, tightened security and is now "fully confident" that it is safe to continue taking credit and debit card payments.
Councillor John Shipley said in a statement: "This is an extremely serious breach, which I was shocked to hear about. My first concern is that every possible measure should be put in place now to protect people whose data might have been compromised, and we have communicated this to the banks and credit card companies."
Newcastle City Council chief executive Ian Stratford added in a statement: "We very much regret that this situation has developed, although we would again stress that there has been no indication of any fraud or loss, and that we spotted this situation through the thoroughness of our own security and checking systems."