
Newcastle suffers data loss

Council admits accidentally exposing cardholder data

Phil Muncaster, IT Week 27 Jul 2007

Newcastle City Council has become the latest organisation to suffer a data breach when it announced yesterday that credit and debit card details of up to 54,000 people had been exposed.

The council said in a posting on its web site's home page that there had been an "inappropriate release" of names, addresses and card numbers relating to transactions made between February and April this year.

The situation came to light after the council hired a security expert to test its systems and found that on one occasion a file "had been wrongly placed on an insecure server, and subsequently uploaded to a computer address registered outside the country".

However, the council is insisting that all data was securely encrypted and that there is no indication of any fraud or misuse. In addition, the servers concerned were shut down as soon as the breach was discovered and the banking sector, the police and the Information Commissioner were immediately informed, it said.

Graham Smith of consultancy AppLabs said quality assurance and testing are paramount to ensure that any bugs in systems are located well before any sensitive information is handled.

"Newcastle is the latest incident in a long line of public sector IT disasters," he added. "As these organisations become more reliant on technology, these breaches are set to become an even more common occurrence, unless they start to take the issue of quality assurance and testing of IT seriously."

Kevin Bocek of encryption specialist PGP said the incident highlights a recent trend of firms disclosing data loss voluntarily rather than risking the "embarrassment of accidental disclosure down the line".

"While Newcastle CC should be commended for being so upfront with the public, questions need to be raised as to why such sensitive citizen information was held on an unsecured server," he added. "If organisations want to take a holistic approach to defending the data they need to move away from ad-hoc measures and look to implement a comprehensive enterprise data protection strategy to protect data wherever it goes."
