Newcastle City Council has become the latest organisation to suffer a data breach when it announced yesterday that credit and debit card details of up to 54,000 people had been exposed.
The council said in a posting on its web site's home page that there had been an "inappropriate release" of names, addresses and card numbers relating to transactions made between February and April this year.
The situation came to light after the council hired a security expert to test its systems and found that on one occasion a file "had been wrongly placed on an insecure server, and subsequently uploaded to a computer address registered outside the country".
However the council is insisting that all data was securely encrypted and that there is no indication of any fraud or misuse. In addition, the servers concerned were shut down as soon as the breach was discovered and the banking sector, the police and the Information Commissioner were immediately informed, it said.
Graham Smith of consultancy AppLabs said quality assurance and testing is paramount to ensure that any bugs in systems are located well before any sensitive information is handled.
"Newcastle is the latest incident in a long line of public sector IT disasters," he added. "As these organisations become more reliant on technology, these breaches are set to become an even more common occurrence, unless they start to take the issue of quality assurance and testing of IT seriously.
Kevin Bocek of encryption specialist PGP said the incident highlights a recent trend of firms disclosing data loss voluntarily rather than risking the "embarrassment of accidental disclosure down the line".
"While Newcastle CC should be commended for being so upfront with the public, questions need to be raised as to why such sensitive citizen information was held on an unsecured server," he added. "If organisations want to take a holistic approach to defending the data they need to move away from ad-hoc measures and look to implement a comprehensive enterprise data protection strategy to protect data wherever it goes."
Do you agree?
Have your say on this article