R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from IT Week
ADVERTISEMENT

Newcastle suffers data loss

Council admits accidentally exposing cardholder data

Phil Muncaster, IT Week 27 Jul 2007
ADVERTISEMENT

Newcastle City Council has become the latest organisation to suffer a data breach when it announced yesterday that credit and debit card details of up to 54,000 people had been exposed.

The council said in a posting on its web site's home page that there had been an "inappropriate release" of names, addresses and card numbers relating to transactions made between February and April this year.

The situation came to light after the council hired a security expert to test its systems and found that on one occasion a file "had been wrongly placed on an insecure server, and subsequently uploaded to a computer address registered outside the country".

However the council is insisting that all data was securely encrypted and that there is no indication of any fraud or misuse. In addition, the servers concerned were shut down as soon as the breach was discovered and the banking sector, the police and the Information Commissioner were immediately informed, it said.

Graham Smith of consultancy AppLabs said quality assurance and testing is paramount to ensure that any bugs in systems are located well before any sensitive information is handled.

"Newcastle is the latest incident in a long line of public sector IT disasters," he added. "As these organisations become more reliant on technology, these breaches are set to become an even more common occurrence, unless they start to take the issue of quality assurance and testing of IT seriously.

Kevin Bocek of encryption specialist PGP said the incident highlights a recent trend of firms disclosing data loss voluntarily rather than risking the "embarrassment of accidental disclosure down the line".

"While Newcastle CC should be commended for being so upfront with the public, questions need to be raised as to why such sensitive citizen information was held on an unsecured server," he added. "If organisations want to take a holistic approach to defending the data they need to move away from ad-hoc measures and look to implement a comprehensive enterprise data protection strategy to protect data wherever it goes."

See also:

Data breach law divides experts
US-style legislation could be a good move according to RSA roundtable attendees  06 Jul 2007
EU flag
UK internet users want to be informed of data losses
Survey findings provide further evidence that the public want a US-style data breach notification law  30 Apr 2007
ICO logo
Liverpool City council fined for DPA breach
DPA lapses cost council dear  02 Jan 2007

All Enterprise Security Technology
Tags: Green

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Java, J2EE, Developer, Spring, Hibernate, London, city, Graduat
| Aston Carter
Java, J2EE, Developer, Spring, Hibernate, London, city, Graduate. This is an amazing opportunity to join a successful city based team working at the cutting edge of development. My client is looking for strong Java/J2EE developers ... more >
E-Commerce, Greenfield, Agile, Java, J2EE, , JavaScript, SQL, L
| Aston Carter
E-Commerce, Greenfield, Agile, Java, J2EE, , JavaScript, SQL, London, City Graduate This is an exceptional opportunity for a talented Java, J2EE developer keen to work in a successful development team within arguable the best agile ... more >
2nd Line Support Analyst - London - to£40k
| Rullion Computer Personnel Ltd
2nd Line Support Analyst London £35, 000 to £40, 500 My client is a global market leader in the Internet Applications Industry. The company is continually progressing and looking for areas of growth and this ... more >
Security Solution Architect
| Rullion Computer Personnel Ltd
Security Architect / Information Security Specialist – St Albans - Global Leader - Shine At The Highest Level Security Solution Architect / Information Security Architect required by renowned blue-chip organisation offering the finest security projects ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Accessibility
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Software engineer jobs
Inquirer Jobs Firmware developer jobs, Electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2009
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503