Skip to the content

York Council closes app due to data vulnerability

19/12/18

Mark Say Managing Editor

Get UKAuthority News

Share

City of York Council has closed down a public facing app and is reported to be reviewing its digital technology after a security breach.

The One Planet York app, developed for residents to monitor their waste collections, has been taken out of service after evidence emerged that it had been hacked.

A council spokesperson confirmed that the step was taken last month and said the breach was being investigated by the Information Commissioner’s Office (ICO).

According to a report on local website The Press, the council became aware of the problem after website monitoring company RapidSpike alerted it after detecting a vulnerability. It exposed details of more than 6,000 local residents.

A City of York Council spokesperson said: “Following further review it has become clear that the person who identified the issue with the One Planet York app had tried to contact us but their email had not been received due to security settings.

“Whilst we consider we took appropriate measures based upon the facts at the time, we can now confirm that this was a well intended action by the individual concerned and we would like to thank them for raising this matter.

“The One Planet York app data breach is now an ICO case. As a result it would be inappropriate for us to comment about information they will be looking into further.”

Apology

The Press quoted Councillor Andrew Waller, executive member for the environment, as apologising and saying council officers will prepare a report on the hack and that “it is an issue that requires an examination of all similar technology that the council is using”.

There has been no report of any of the exposed data having been abused.

Image: Electronic Frontier Foundation graphic, Creative Commons Attribution 3.0 through Wikimedia

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.