A report by The Register has revealed that text messages sent by council agents en masse to UK taxpayers may have been exposing their personal data to unrestricted access. The external agency Telsolutions Ltd reportedly developed the SMS system for the purposes of chasing debts, but allegedly failed to impose basic security measures. This has apparently made it easy for users to manipulate the links sent in the text messages. This example of a council debt chasing data breach could, therefore, be a sign of a fundamentally inadequate approach to data protection.
It is unclear if anyone took advantage of the security loophole, and if so, how many people chose to do so. Nevertheless, its existence can be enough to cause concern for anyone contacted by local councils in this manner, particularly given the vulnerable situations some alleged tax defaulters may be in.
Your Lawyers, as specialists in data protection law, is disappointed to hear that a number of councils may have again failed to take the precautions necessary to protect their residents’ private information. We help data breach victims to claim compensation for the harm caused, so you can contact us for advice if you think you may have a claim to make.
Latest Council debt chasing data breach – what has happened?
Working with Telsolutions Ltd, the council have a system used to chase residents who have outstanding payments that need to be made, such as council tax debts. These messages are understood to contain links used to direct recipients to the site where they can make the necessary payments. It has recently been found that these webpages may have little or no protection, and this could mean that names and addresses, and perhaps even details about outstanding debts, could be freely available to view without proper and secure authorisation.
When directed to the sites, residents reportedly found that little or no authentication was required to view the data. In addition, those with access to the link could simply change the characters in the web address in order to view other people’s data, even if they lived in completely separate council locations.
The councils involved
According to The Register, a number of councils were involved in this example of a council debt chasing data breach, as several local authorities use the Telsolutions system to contact their residents. The councils involved included Cardiff, Coventry City, Walsall, Lambeth, and Barnet Council, among a number of others.
Many have issued statements in response to the data breach, with the majority offering generic assurances about taking their residents’ data protection needs seriously. Telsolutions itself is said to have immediately suspended the service, with the Chief Executive stating that action has been taken to increase security.
Those affected should also have been notified regarding their involvement as a victim of a council debt chasing data breach incident.
Making council data leak claims
Over the years, we have encountered a number of data breaches at local authorities, many of which have demonstrated a complete disregard for personal information. These kinds of council debt chasing data breaches specifically can be horrendous in nature. Some have been similar as the councils and the agency they hired have both failed to scrutinise the security of their systems.
In cases such as these, it can often be possible for victims to claim compensation from the council responsible for the data breach. To receive expert advice from a firm of specialist Data Leak Lawyers, contact our team today for a free, no-obligation discussion regarding your potential claim.