York Council data breach
warning about employees stealing data for personal contact with customers

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

York Council data breach

The recent York Council data breach led to the information for almost 6,000 people being exposed due to a coding vulnerability.

A computer expert happened upon the vulnerability in the ‘One Plant York’ app. He did the right thing and reported the breach to York Council, who then bizarrely reported him to the police. It’s understood that the expert had alerted the Council in efforts to make them aware, so the issue could be resolved.

The police matter aside, the result is that the data for almost 6,000 people has been left exposed. If one expert happened upon it, who’s to say someone else isn’t already aware of it, and hasn’t already been exploiting it?

About the York Council data breach

The York Council data breach stemmed from a vulnerability in the code for their One Planet York app. This app is used as pat of their waste reduction plans and for the overall improvement of their environmental performance.

The app has since been taken down after the discovery of the data breach.

What data has been exposed in the York Council data breach?

The data exposed in the York Council data breach is user information that had been supplied during the sign-up process for the app.

This is said to include:

  • Usernames;
  • User IDs;
  • Passwords (in encrypted format);
  • Email addresses;
  • Telephone numbers;
  • Addresses;
  • Property references;
  • Locations;
  • Certain settings;
  • ‘Planet points’ – a feature within the app.

The expert who identified the breach sent a spread of redacted data to the council in efforts to notify them that they had a code vulnerability. Although the Council has since thanked the expert for their notification, they initially reported him to the police. They’ve yet to issue an apology to him, it’s understood.

What’s being done about the York Council data breach

A number of actions have been taken after the discovery of the York Council data breach.

The app has been taken down, and the breach has been referred to the ICO. The ICO will likely open a case and investigate the matter.

Users of the app are also being notified. A letter from York Council stated as follows:

On 1 November 2018, a third party contacted the council and told us they had found a way to access personal data of those people who use the One Planet York app.

The data accessed included personal information such as your name, address, postcode, email and telephone together with your encrypted password.

To our knowledge, the data accessed did not include any further sensitive information. In addition, the One Planet York is isolated from other council systems and therefore unable to access other personal data.

Another council data breach…

The York Council data breach is yet another council data breach. Once again, on the face of it, the breach appears to have been very preventable.

Council data breach claims are common ones our lawyers help people with.

One coding vulnerability has put the private data of almost 6,000 people at risk. We don’t yet know whether it had been accessed by anyone with more sinister intentions.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon