Local councils have lost 7 million in the space of a year, after data published on their own websites was used by scammers against local authorities.
The Coalition has pushed for greater transparency across Government bodies and many have responded by posting data online.
That strategy appears to have backfired on councils, costing them millions in fraud.
"Fraudsters have sent letters to council finance teams that appear legitimate and often follow them up with phone calls to chase payments," a report from the Audit Commission read.
"The fraudsters gather the details about key creditors from the information that councils now publish on their websites. In our 2010/11 survey, councils reported several detected frauds of this type amounting to some 7 million."
Local public bodies have become increasingly successful at preventing these frauds by applying sound internal controls.
In one case, a fraudster contacted a local authority posing as an employee of a council supplier, asking the local authority to change payment details for that company.
Using a supplier invoice published on the council's website, the fraudster tried to dupe the local authority into sending 5 million to their own account.
In that case, thanks to additional protections installed by the council, the transfer was stopped.
"Local public bodies have become increasingly successful at preventing these frauds by applying sound internal controls," the report added.
"They have prevented about 20 million of such attempted fraud. Fraud warnings, such as those issued by the National Anti-Fraud Network, have helped raise awareness of the risks. However, fraudsters continue to target local public bodies."
Whose data is it anyway?
The financial losses were revealed a week after the Government launched its 'Midata' campaign, another part of its drive for greater transparency.
The initiative will see companies including Google, MasterCard and Visa enabling customers to ask for data on them held by companies. Citizens who ask for their information should receive it back in a standardised format.
Some have raised concerns Midata would backfire too, worried that businesses which sign up to the scheme would share data with one another for marketing purposes.
"Getting your data back is good. But Midata must be accompanied by a stronger Data Protection Act, with a right to delete your data, or consumers could be victims of parasitic data or finance companies tempting people to share more than is good for them," said Jim Killock, executive director of the Open Rights Group.
The Information Commissioner's Office (ICO), the UK's Data Protection Act enforcer, welcomed the Midata project.
"Midata presents an innovative and empowering opportunity for consumers," said information commissioner Christopher Graham. "It goes without saying that privacy and data security principles must continue to be upheld and I'm pleased that consumer data security has been a key strand from the outset."
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
The UK cybersecurity sector is worth over £13 billion, but experts say there’s huge untapped potential if it can overcome these hurdlesAnalysis A new report released by the DSIT revealed the UK’s cybersecurity sector generated £13.2 billion over the last year
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
