ICO will look into Edinburgh City Council data breach

Watchdog says it is aware of hack that lost 13,000 people's emails

A padlock against a golden background to represent cyber security

The Information Commissioner's Office (ICO) has confirmed it will examine a data breach affecting Edinburgh City Council that exposed 13,000 people's email addresses.

Hackers managed to bypass the security of the local authority's website service provider on 3 July, stealing 13,134 email addresses.

The UK's data watchdog did not say whether it would launch an official investigation, but a spokesman told IT Pro: "We are aware of the incident at Edinburgh City Council and will be making enquiries."

No other personal data was lost in the attack, according to the council, which sent an email notifying victims of the breach that their email addresses had been stolen.

The authority wrote: "If you had a password for the website, as a precaution, we have reset your account and you will have to change your password the next time you log in.

"We are taking this incident very seriously. We have made sure that our service providers have reinforced the security of our website and we will continue to monitor security regularly."

While the attack was not as serious as others in which cyber criminals have accessed sensitive personal data, it may affect public trust in the council, according to one victim, William Buchanan, a professor at Napier University.

In a LinkedIn post, he said: "The current breach does not seem serious in terms of its possible impact on citizens, but could have serious implications on the trust levels of citizens with the council.

"It also comes at the same time as other public sector breaches, especially within healthcare, such as from East Sussex NHS Trust, and which involved a non-encrypted memory stick containing the details of over 3,000 patients."

The trust emailed victims to warn them their data, stored on a USB stick, had been lost, it emerged this week, but the memory drive was subsequently returned by a member of the public.

In the ICO's most recent annual report, the most data breaches reported to the ICO came from healthcare, with 439 incidents, followed by 125 local government incidents.

But network security firm Barracuda Networks warned the news highlights the issue of who is responsible for securing web applications - an organisation or its service provider?

Wieland Alge, vice president of EMEA, said: "The most important takeaway here is that just because your hosting service or CDN or cloud provider says that they provide 'a secure environment', it (almost) never means that they secure your web applications as well.

"That responsibility squarely falls on the responsibility of each individual business. Organisations should query their providers regarding web application security specific features and explore avenues of supplementing these."

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
Malicious ‘dependency confusion’ packages are stealing password files
hacking

Malicious ‘dependency confusion’ packages are stealing password files

2 Mar 2021
AOL users are the target of a new phishing campaign
phishing

AOL users are the target of a new phishing campaign

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021