Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
Posted By: ITWiser Webmaster
London council fined 70K!
It has been reported that a London council has been fined £70,000 after personal information was exposed. The data leak was down to their TicketViewer app which allowed hackers unauthorised access to 119 documents’ which contained personal and sensitive information. The app in question was developed in 2012 by Islington council’s internal application team. The TicketViewer app allowed people who had been issued a parking ticket to log on using their vehicle registration number. The app held CCTV images and videos of the persons alleged offence, the evidence could be used to prosecute or to appeal.
If someone wanted to appeal they could send this evidence off along with the relevant documents, this might include finances, health issues or disabilities. Once the back office receives this they would then scan and upload this information into the system as an attachment folder. There would be lots of personal information in there such as car registration, address, name and potentially medical and finance details.
You would like to think systems holding sensitive information would be rigorously tested but sadly this wasn’t the case. In 2015 a citizen alerted the council to the fact that these folders were accessible if the user changed the URL slightly. The app launched in 2012, between that date and the date the issue was reported, 825,000 parking tickets were issued and over 270,000 appeals were logged.
ITWiser offer a wide range of services and solutions that can help prevent issues like this from happening to you and your business. We offer internal security audits and external security audits, these audits are designed to highlight issues inside and outside your network. For more information on these or on any of our other services please get in touch today.