York council app hacked. What to do if you have been affected
According to reports, almost 6,000 people could have had their data breached after a City of York Council app was hacked.
In a letter sent to those potentially affected by the latest data breach, the council states that it has been contacted by a hacker who claims that they have found a way to access the personal data of residents using the One Planet York app. The app allows users to check their bin collection dates, and other information regarding recycling.
The compromised data includes phone numbers, encrypted passwords and addresses. It is not yet clear what the hackers have done with, or plan to do with the data. However, it has been suggested that the hackers could be someone who looks for data vulnerabilities in the public interest. This is because those responsible have not yet requested anything in return for the personal data.
The letter from the City of York Council says: "We value your privacy and deeply regret this incident occurred. We have conducted a thorough review of the One Planet York app, we have deleted all links with the app and as a result, will no longer support it going forward.
"We have deleted it from our website and asked for it to be removed from the app stores and ask that you now delete it from your device.
"We cannot say for certain what the third party responsible has done with the data."
The incident has been reported to North Yorkshire Police.
App users have been advised to delete the app and change their passwords. However, at Hayes Connor Solicitors, we have considerable experience helping individuals whose data has been breached and would also recommend some additional steps to keep users safe.
This includes contacting your bank and credit card providers immediately if you suspect your financial data may be compromised and looking out for fraudsters who attempt to gather more personal information (phishing).
Furthermore, we would always recommend that you inform the Information Commissioner's Office (ICO) about your concerns. The ICO is the body which undertakes investigations on behalf of individuals into suspected data breaches. You should also report any suspected phishing attempts to the police and relevant authorities.
The public sector is privy to a wide range of our sensitive information and this data is regularly shared between organisations as part of modern governance and the delivery of public services. And, if you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation.
But, at Hayes Connor, we don't just focus on compensation. In today's digital world, your personal data is a valuable commodity. So, we want to do all we can to keep you, and your sensitive information as safe as possible.