Hackers have obtained personal data belonging to users of York council’s environmental app forcing the City of York Council to notify the police and concurrently, permanently take down its One Planet York app, following the data breach.
The community centric app supported the council’s broader One Planet York programme, which seeks to reduce waste and improve the city’s environmental performance, contained nearly 6000 user records, all of which had been breached.
The alleged hackers alerted the council on November 1 to inform them of the users data breach.
The council has contacted all users via email and told them they should delete the app from their mobile device. Further reporting has indicated that that the council thought the hackers’ motive was to expose the security flaw and not necessarily do anything sinister with the data.
The email from the council’s deputy chief executive reads: “On 1 November 2018, a third party contacted the council and told us they had found a way to access personal data of those people who use the One Planet York app.
The data accessed included personal information such as your name, address, postcode, email and telephone together with your encrypted password.
To our knowledge, the data accessed did not include any further sensitive information. In addition, the One Planet York is isolated from other council systems and therefore unable to access other personal data.”
He added: “We have conducted a thorough review of the One Planet York app, we have deleted all links with the app and as a result, will no longer support it going forward.
“This is to prevent a recurrence of such an attack, and to protect the privacy of residents and users of the app. We have deleted it from our website and asked for it to be removed from the app stores and ask that you now delete it from your device.
“We have notified the police of this deliberate and unauthorised access by a third party.”
It is too early to know what further damage or harm may be inflicted on the council and its users.
Can your business survive the business interruptions costs, reuptational damage and inconvience of a hack?
Why not talk to us about a Cyber Insurance quote?