Reading:
Government digital service department leaks personal information
Share:
gov website breached

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Government digital service department leaks personal information

Many people may have a false sense of security that the Government are able to protect us and our data. Over the years, this belief has decreased massively given there are growing trends of data breaches, with hacks and leaks scarily becoming the norm.

This is exemplified in the Government’s digital service website – www.data.gov.uk – who recently fell victim to a security breach. A spokeswoman said that a database containing usernames and email addresses was discovered on a system which was accessible to the public. This was only discovered during a routine security review.

So, if the government can’t protect themselves, how can we expect them to protect us?!

After becoming aware of the breach, the digital service is making all users change their passwords as a precautionary measure. This may be too late to be implementing as a ‘precautionary’ measure though, given that the damage has already been done.

Not that it should make any difference, but according to the Government, only email addresses, usernames and hashed passwords were breached. Names and physical addresses weren’t leaked.

Email addresses, usernames, and hashed passwords are still valuable data to cyber-criminals, however!

They could still use them to access other accounts as many individuals tend to reuse passwords across multiple online accounts.

So, the risks are still there…

Notification

The Government digital service are aware of their wrongdoing and notified the Information Commissioner’s Office (ICO) of the breach. A spokeswoman told the BBC that the breach had only affected data.gov.uk accounts, meaning users with separate accounts for other government websites weren’t affected.

The Government digital service sent notification of the breach from this email address –
data.gov.uk.support@notifications.service.gov.uk – to warn users to change their passwords. The email stated that “the names, emails and hashed passwords in the file belong to users who registered on data.gov.uk on or before 20th June 2015.”

Further warnings have been given by the Government department, urging users to be diligent if they receive an email from someone claiming to be from the Cabinet office. It’s important that you check the authenticity of an email recipient before handing over personal information.

Reassurances

The spokeswoman tried to give her reassurances by stating that, because hashed passwords were used i.e. the passwords were scrambled, this formation makes the information less useful. However, as we mentioned above, this doesn’t completely eliminate the risks to people affected by the breach.

A spokeswoman also stated:

“…there is no evidence of misuse of anyone’s credentials and users have been asked to reset their passwords purely as a precautionary measure.”

Weaknesses of the system

Spencer Young, RVP EMEA at Imperva, highlights the importance of a strong password:

“Passwords continue to be an ‘Achilles Heel’ in the fight against cybercrime as improper user behaviour such as weak passwords or use of the same password across different sites – continues.”

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon