Medway Council data breach caused by online form error

A Medway Council data breach incident has been discovered by a security researcher after “rudimentary” tests found a bug in a system that may have exposed personal data.

Council data breach compensation claims are increasingly common these days, and a lot of it is likely down to a lack of investment in security and technology. One of the most common types of legal cases we take forward involve local authorities or the agencies they employ, and we regularly see these kinds of breach stories hitting the news.

In this case, it appears that an issue with an online inquiry form may have allowed anyone to access the personal information of some residents.

About the Medway Council data breach incident

The Medway Council data breach incident reportedly stems from a bug in an online inquiry form that’s a part of the Kent Channel Migration Project that’s aimed at encouraging greater use of technology.

It’s understood that this project has had some previous flaws and issues, resulting in delays. A security researcher has since discovered a flaw whereby the form could be manipulated to be able to access and edit the personal information for residents.

Data that has been at risk of exposure is thought to include names, email addresses and telephone numbers.

What’s being done about the breach?

In response to the Medway Council data breach incident, the council has self-reported to the UK’s data watchdog, the Information Commissioner’s office (ICO).

Residents whose information may have been exposed due to the flaw may need to be contacted as well. If the ICO finds that the issue is serious enough to issue a financial penalty, the local authority could be faced with having to pay a GDPR fine.

A spokesperson for the Council said:

“We would like to reassure residents this was an isolated issue with our inquiry forms, which involved web links being manipulated to gain access.”

In terms of how they quickly dealt with the problem:

“As soon as we became aware that a technical expert had gained access to some forms on our website, we immediately removed all potentially affected forms. We have also taken action to fully resolve the technical issue to avoid this happening again. We have provided the Information Commissioner’s Office with an initial report, and have steps in place to ensure all data is protected.”

A lucky escape?

Based on what we know so far, the Medway Council data breach incident may well be one of those lucky escape situations.

The issue was identified and reported by a security researcher as opposed to a hacker. Of course, we don’t know whether anyone else has been able to exploit the weakness, and it’s worrying that the issue was reportedly easy to identify with testing.

As more and more of these local authority data breach incidents occur, it seems clear that more funding is required from central government in order to ensure the data councils hold is safe and secure at all times.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.