Feeds

Newcastle council credit card file lifted

Up to 54,000 people affected in bureaucratic bungle

Providing a secure and efficient Helpdesk

Newcastle City Council has compromised private details of up to 54,000 people who made payments to it by credit or debit card between February 2006 and April 2007.

The council said details were "inappropriately released" of transactions for "council tax, business rates, parking fines, and rent payments... other services, such as at leisure centres, tourist information centres, museums, theatres and galleries have not been compromised".

The council says a single file was compromised, containing names, addresses and credit card numbers (although the card numbers were encrypted). No details of either PIN numbers or security code numbers were in the file. Apparently, the file in question was placed on an insecure server and subsequently uploaded to "a computer address registered outside the country".

This was discovered during a council-ordered security checkup by an "independent industry expert".

Newcastle council became aware of the breach last Thursday and has informed the banks, the police, and the Information Commissioner. An investigation is ongoing.

Council chief executive Ian Stratford said:

"We are now fully confident that our systems are properly robust, so we are continuing to receive payments by credit and debit cards. We very much regret that this situation has developed, although would again stress that there has been no indication of any fraud or loss, and that we spotted this situation through the thoroughness of our own security and checking systems."

The Reg has seen a copy of an internal council email highlighting the matter. It says:

"[Council] Staff should be reassured that it only refers to credit and debit card transactions with the council and has no implications for their details on payroll..."

It's always good to see a sense of priorities being maintained. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.