UKFast flags alleged council data breach
Hosting firm uncovers council's "confidential" supplier details using Google search.
Hosting provider UKFast claims to have uncovered serious data leaks from several local councils using Google search.
The firm claims one unnamed council posted supplier contact and pricing information online, along with details about its 83 million annual spend.
In a statement, Lawrence Jones, chief executive at UKFast, said: "The public sector should set an example on data protection so to discover such a lapse where personal details and sensitive data is openly available from a local government body is very concerning."
However, it is difficult to discern in this case whether a data breach has occurred or if the data has been posted online for transparency purposes.
A spokesperson for the Information Commissioner's Office (ICO) told IT Pro: "Proactively making financial information available can not only help to retain public trust, but save time as they will no longer have to deal with information requests for this data.
"With the limited information available, it is difficult to determine whether the information relating to the council's annual spend was released proactively or was the result of a security breach."
Speaking to IT Pro, UKFast's director of data centres, Stuart Coulson, declined to identify the council involved.
"It would be unethical to disclose this information without advising the council involved," said Coulson.
"However, this is not an isolated incident and during our research we found further cases of full supplier data [being] exposed. We do need to recognise that this kind of data is valuable to unscrupulous parties."
Coulson said he doubted the information had been leaked maliciously, but said it still constitutes a "basic oversight in data security."
"Public sector bodies should set an example in security awareness by demonstrating more sophisticated data protection practices," he added.
It was not just council data UKFast uncovered, Coulson claimed.
"This research also discovered security failures amongst private businesses that were found to have left customers' personal information, including credit card details, unencrypted and searchable by Google," he said.
"The investigation followed up on a similar study 12 months ago and highlights the lack of progress in raising cyber security awareness, despite high profile hacks [involving] Sony, LinkedIn and Yahoo in the last year."
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.