An IT blunder at Hackney Council has publicly exposed the names and addresses of vulnerable women living in hostels for their own safety. The breach was only spotted when investigators at local newspaper Hackney Citizen informed the council.
Other documents were also mistakenly posted online including details of a vulnerable tenant, notes from a welfare check on a frail resident, and contact details for council estate tenants who had requested repairs (including to broken doors).
An investigation found that the breach was made possible as senior managers in the Council’s IT team had chosen the wrong privacy settings on Trello, a free online project management tool. The highly sensitive and confidential data was un-redacted.
Commenting on this privacy failure, a domestic violence campaigner said “vulnerable women could have been killed because of this. They might still be killed because of it.”
Speaking to the Hackney Citizen, one of the women affected by the breach said: “I trusted the council to protect me. When I was made homeless I was at their mercy. I thought they would keep me and my daughter safe – but this feels like a betrayal.
“It’s terrifying to find out that our address was on the internet for so long. I’m so angry that I don’t know what words to use, and I’m scared to even think what could have happened to us.”
Why hasn’t Hackney Council learned its lesson?
This isn’t the first time the local authority has been in the headlines for data protection failures. In 2020, Hackney Council suffered a serious cyberattack that affected many of its services and IT systems. Following the attack, the criminals published some stolen data on the dark web.
The latest breach happened despite Hackney Council pledging to tighten its data security measures.
Kingsley Hayes, head of data breach at Keller Lenkner UK said:
“Local authorities handle some of our most sensitive personal information, so a data breach can be disastrous. Unfortunately, in our experience, reliance on unsecured legacy software and a lack of preparation for dealing with cyber-attacks has made the sector vulnerable.
“Of course, given the nature of the data required for the delivery of public services, local authorities are lucrative to hackers. But by not properly training staff and failing to put robust data management practices in place, this is making things worse for the public and easier for cybercriminals. What’s more, despite the threat of attacks, in our experience, human error remains the leading cause of breaches, and the latest data breach at Hackney Council shows just how devastating it can be when local authorities don’t take their data protection responsibilities seriously.”
Have your details been put at risk by Hackney Council?
By law, Hackney Council must contact anyone affected by either of these data breaches directly. But you also have a legal right to ask the Council if your information is at risk. This is called making a data Subject Access Request (SAR).
Hackney Council data breach claim
If you want to hold Hackney Council to account for failing to protect your private information, receive financial compensation for your losses and force public sector organisations to implement better data security, contact us today. We provide a free, no-obligation assessment of your case.