R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from IT Week
ADVERTISEMENT

Newcastle suffers data loss

Council admits accidentally exposing cardholder data

Phil Muncaster, IT Week 27 Jul 2007
ADVERTISEMENT

Newcastle City Council has become the latest organisation to suffer a data breach when it announced yesterday that credit and debit card details of up to 54,000 people had been exposed.

The council said in a posting on its web site's home page that there had been an "inappropriate release" of names, addresses and card numbers relating to transactions made between February and April this year.

The situation came to light after the council hired a security expert to test its systems and found that on one occasion a file "had been wrongly placed on an insecure server, and subsequently uploaded to a computer address registered outside the country".

However the council is insisting that all data was securely encrypted and that there is no indication of any fraud or misuse. In addition, the servers concerned were shut down as soon as the breach was discovered and the banking sector, the police and the Information Commissioner were immediately informed, it said.

Graham Smith of consultancy AppLabs said quality assurance and testing is paramount to ensure that any bugs in systems are located well before any sensitive information is handled.

"Newcastle is the latest incident in a long line of public sector IT disasters," he added. "As these organisations become more reliant on technology, these breaches are set to become an even more common occurrence, unless they start to take the issue of quality assurance and testing of IT seriously.

Kevin Bocek of encryption specialist PGP said the incident highlights a recent trend of firms disclosing data loss voluntarily rather than risking the "embarrassment of accidental disclosure down the line".

"While Newcastle CC should be commended for being so upfront with the public, questions need to be raised as to why such sensitive citizen information was held on an unsecured server," he added. "If organisations want to take a holistic approach to defending the data they need to move away from ad-hoc measures and look to implement a comprehensive enterprise data protection strategy to protect data wherever it goes."

See also:

Data breach law divides experts
US-style legislation could be a good move according to RSA roundtable attendees  06 Jul 2007
EU flag
UK internet users want to be informed of data losses
Survey findings provide further evidence that the public want a US-style data breach notification law  30 Apr 2007
ICO logo
Liverpool City council fined for DPA breach
DPA lapses cost council dear  02 Jan 2007

All Enterprise Security Technology
Tags: Green

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
5 x Test Engineers - Avionics Software - LDRA
| JAM Recruitment
The Role: 5 x Test Engineers The Duration: 3 months The Location: Wiltshire The Role 5 Test Engineers are required for contract positions working in the aerospace sector. The position will involve carrying out requirements ... more >
C# or C++ Front Office Analyst / Developer, IR Deriva
| Aston Carter
C# or C++ Front Office Analyst / Developer Interest Rate Derivatives £50,000 - £80,000 My Client a leading Investment Bank immediately requires a C++ Analyst / Developer to join a very successful IR Derivatives team. ... more >
Quality Assurance Engineer - Technical Documentation/Quality Testing
| JAM Recruitment
Quality Assurance Documentation Clerk North West / Cumbria Contract – 3 months + The Role A Technical Clerk is required for a large defence organisation based in the North West. As the successful candidate you’ll ... more >
Systems Installation Engineer - Ships / Weapons
| JAM Recruitment
The Role: Systems Engineer The Location: Hampshire The Duration: 3 months The Role This vacancy exists for a Systems Engineer working for a large defence organisation. The position will involve producing Installation Guidance Packages, generating ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503