back to article Database containing 1.8m UK postcode locations leaks online

An alleged copy of the UK postcode list has tipped up on WikiLeaks. The whistleblower site claims to currently be hosting a database containing 1,841,177 Blighty postcodes “together with latitude and longitude, grid references, country, district, ward, NHS codes and regions, Ordnance Survey reference, and date of introduction …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    not complete

    whats there seems to be accurate, but its not complete (theres a couple of postcodes I've tried that have been around decades and arent in there).

  2. Dick Emery

    Relevant indeed!

    Given the current postal strikes and complete LACK of postal services - and in fact poor postal services over the last few years - this is welcome news.

    The post service needs a good kick up the arse!

  3. alain williams Silver badge

    It should be freely available

    nothing else to add to the title

  4. Clive Galway
    Thumb Up


    Been waiting for this to happen. Also, could someone please do the same for the UK border data (County borders and such). I put in a FOI request for those but was denied. Crown Copyright is an abuse of power - ALL information held under it should be in the public domain. The US release theirs under the TIGER scheme, but we have no such equivalent, unless you are an educational institution.

    I find that kind of ridiculous: Bye-laws can vary by county - but given a lat long you cannot know (without paying), which county you are in and thus which bye-laws you are subject to.

  5. Anonymous Coward
    Anonymous Coward

    Wasn't this kind of thing common...

    ...on Mr Blobby disks back in the mid 90s?

  6. redbook


    Royal Mail licence the DB to companies for inclusion in address completion software, address lookup etc.. I'm guessing that for each licencee they add a fake postcode so if the DB does get leaked they can trace the source.

    Bonus fact. According to Wiki, this adding of a false entry to something is also called a Mountweazel or Nihilartikel.

  7. handle

    Not just businesses

    OpenStreetMap would also be far better with a complete set of postcode data. At the moment it can be added piecemeal by people entering locations (or using a GPS-enabled phone to report its current position) where they know the postcode - but this cannot be done from a dump of the data or Royal Mail's postcode finder (just as you cannot trace from Google aerial imagery) as the map would become copyright-encumbered.

  8. Anonymous Coward
    Thumb Up


    Been after this for ages! This is public info which the Royal Mail have refused us free access for years so they can milk us for searches!

    Way to go where's my copy of uTorrent gone...

  9. Anonymous Coward

    Tappity tap tap

    Anyone need a free to use xml api to this data for their web services?

    You're welcome

  10. David Cook
    Thumb Down

    Protectionist Business Practices

    It's not just that they hold the keys to public data, it's the way they hold the price of access to the data artificially high in cahoots with QAS (Quick Address Systems, now part of Experian).

  11. MonkeyBot

    PAF? Piffle

    I worked at the Peterborough sorting office after my A-levels.

    Whilst demonstrating the power of their database, the woman training us couldn't find my house despite it being a 5 minute walk from the sorting office.

  12. Anonymous Coward
    Thumb Up


    We have paid money for it in the past - now we need a 'flipping the bird' icon :p

    (ok i know there will not be updates, and we dont use it anymore so i dont care...)

  13. Anonymous Coward
    Black Helicopters


    Until this minute, I thought it was in the public domain anyway.

    How else, I wondered, do online shopping sites etc resolve our post codes to addresses.

    How else does Google (and other) maps, Earth, etc, zoom straight to an entered postcode?

    Now I learn Royal Mail has been making money out of it. They are our* postcodes! Let them be public!

    If they are required in a nice database format for commercial use, then let the Royal Mail make a service, or media, whatever, charge, but licensing?

    *Your postcodes: I don't live there any longer.

  14. Anonymous Coward

    New Postcodes

    I guess its time for Royal Mail to unvail its new postal code system

  15. Anonymous Coward
    Anonymous Coward

    Security concern?

    Given that you can purchase the entire Db from Royal Mail, is it really a security issue?

  16. Colin Wilson
    Thumb Up

    Result !

    Our postcode book in work has just gone walkabout, the post office having discontinued them about 4 years ago - about time this became available freely !

    (legitimately would be even better, after all, we paid for the sodding thing in the first place)

  17. Armus Squelprom
    Thumb Up


    It was public information held by a public body, should've been released years ago

  18. Anonymous Coward
    Thumb Up

    Awesome! I've wanted this for years.

    Cheers, wikileaks! :)

  19. wobbly1

    sorry to piss on your chips

    database is not complete , just checked; my own post code not there , my partners, not there, my dealer, not there.

    so no home, leg-over, or drugs...

    Perhaps it has been edited by the Calvinists?

  20. Anonymous Coward

    Any Legal Eagles out there?

    If I personally created the data in this database - linking a postcode to a lattitude and lognitude, I would be well within my rights - to that extent, the data is already public; I know my postcode and I know my location.

    What are the legal implications of making use of a leaked copy?

    (I have a potential use for this data. My use will not make me. nor anyone else, any money, but could provide a useful service, but if I got the data from the Royal Mail, they would charge me the occasional limb.)

  21. Anonymous Coward


    Wonder how long it would take some script kiddy to put something together that links the long/latitude data with Google to get Street Addresses

  22. Anonymous Coward

    Pretty useless really

    Title says it all.

  23. Conor Turton


    Can someone please give the file to Tomtom so that they might actually have postcodes from houses built in the last 5 years?

  24. Anonymous Coward

    oohhh goody

    more spam...

    direct to your door this time...

    though the post office shouldnt really complain as they will make a nice little earner from all those extra stamps sold.

    though i pity the postys that are gonna have to do some real work for a change ;)

    sorry guys no more chucking the extras back in the nearest postbox cos your poor feet ache...

    or bunking off home cos you feel like watching the footy early... down the pub

  25. dunncha

    isn’t that significant, however, given that it doesn’t contain the names and/or addresses

    The leak of this information may or may not be that significant but it again highlights the potential to lose of these super databases.

    Imagine if the Vetting Database got leaked with all the positives and negatives on. Wouldn't that be interesting.

    I sure if you had asked the Royal Mail last week could this happen they would have swore blind that the safeguards they had in place would prevent such a lapse of security. I guess they maybe shaken in their complacency.

    Of course we have only seen the released list of the database who can say what actually went missing? Names and all... Probably

  26. Anonymous Coward
    Anonymous Coward

    Our data?

    Royal Mail is the British post service. To achieve this it is given money by the government from our taxes. Therefore any extra income it gets from a database that it maintains offsets the tax required to keep it running.

    On the other hand it could be available to each and every person to use thereby offsetting costs of their businesses.

    However it shouldn't be available to anyone who hasn't contributed to it in the first place - non-taxpayers like foreign companies.

    Better it offsets the running costs of the mail than giving everyone equal opportunity to junk mail me.

  27. dl

    Oh no!

    Wait doen't this mean if some one has your address, they now know where you live!

  28. Tzael
    Thumb Up

    Developers will appreciate the database availability

    The number of times I've begrudgingly paid for access to third party postal code services when developing ecommerce solutions eludes me. I daresay it won't be long before developers are preparing their own self-contained post code lookup solutions that are not tied to on-going subscription fees.

    I'm going to wait until I hear more on the legality of using this data, but if it turns out that using the data is acceptable then I'm definitely replacing the post code lookup solution in all my ecommerce sites with a home-grown subscription-free alternative.

  29. DavCrav

    Wikileaks starting to get dodgy?

    What happens if someone sends the child benefit database to Wikileaks? Or something similar, like the customer database for Amazon, complete with credit card info? When it was a whistleblowers' site, it made sense. The list of postcodes can hardly be considered confidential information that needs to be leaked.

    I think 'leaks' like this are starting to damage Wikileaks's credibility, and might make governments finally club together and give them a kicking. While they're at it, they can do all the other stuff they want, like removing filesharers and anonymity.

  30. Jeremy 2


    "This leak online isn’t that significant, however, given that it doesn’t contain the names and/or addresses of houses in each postcode that the PAF holds."

    Perhaps not much use for address <-> post code lookups, but pretty useful for geocoding, no? Perhaps Google would like to use the WikiLeaked data to improve their geocoder which is notoriously wobbly when it comes to UK postcodes.

    A quick search of the list shows that (apart from the fact that Lat and Lon are inexplicably the wrong way around in the file) the coordinates are very good.

  31. Methchild Dildrop

    this data was hardly difficult to get

    Anyone who has licenced PAF has been able ,if they so wished, to extract the information from the CD that royal mail provide, there is even an export function on the one I used, I am surprised no one has done it before. An export that I made some time ago had nothing in it to identify the origin so no one would have known where it came from .

  32. Anonymous Coward

    it isn't already publicly available?

    Wow. Just wow.

  33. Anonymous Coward
    Anonymous Coward

    Oh Goody!

    Santa will be pleased. Now as a special treat I wonder if the old fella with the white beard and red robes could deliver something down the chimney of Number 10?

    Yes, it is ticking Grandpa, I've bought the geezer who lives there a new clock, honest....but it's important that it gets there no later than 9:20am tomorrow morning okay, because that's when it needs winding up again. Trust me, I'm not a salesman.

  34. Trev 2

    Thanks for the headsup

    The people we were using are likely to stop selling this, so it's handy to know where we can get the data to fill in some of the gaps. OK, not much good to marketting people but very useful for c/o type applications, eg: Google Maps API (as that only does it to the first bit of the postcode).

  35. BernardBrezlow

    Not PAF - NSPD

    I haven't looked at the data, but from the description it is the NSPD (National Statistics Postcode Directory) from Office for National Statistics, not PAF. It is also commercially available -

  36. Garry Mills


    I use the Yahoo geocoding API to convert postcodes into lon/lat - but this data should be in the public domain. I don't know of a postal system anywhere in the world that charges for access to this data like ours does.

  37. My Alter Ego

    @redbook RE: Mountweazel

    My thought exactly. The OS does the same thing adding easter eggs to maps (something small like a mews where there's actually a terrace of houses) so that they can tell if other companies have ripped off their maps.

    Never heard the term "Mountweazel", but then easter egg isn't really the best description either.

  38. Jims 1

    Hold your horses, developers

    Dont forget that this data will be protected under database rights, which is similar to copyright. However one difference is, breaching database rights is actualy a criminal offence.

    So this wikileak is essentianly useless.

    Mines the one with the GPS scanner and notebook in the pockets

  39. mariushm

    In reply to Wikileaks starting to get dodgy?


    What happens if someone sends the child benefit database to Wikileaks? Or something similar, like the customer database for Amazon, complete with credit card info? When it was a whistleblowers' site, it made sense. The list of postcodes can hardly be considered confidential information that needs to be leaked.

    End quote.

    By the time stuff gets uploaded to Wikileaks, you can be sure it was already leaked on P2P networks or used by people and probably even sold on underground networks for thousands of dollars.

    By getting it to the public, you can at least be sure the organizations/ companies involved won't be able to ignore or cover up the security issues or threats and they'll have to be proactive in protecting those persons/customers (in Amazon's example, they'll have to notify the customer and give him credit protection or something like that - either way better than just ignoring it and customers finding out they lost hundreds of dollars and arguing with the banks for days to revert the charges)

  40. Anonymous Coward

    Royal Mail Database Security

    It's in the mail...

  41. sleepy

    A disgrace mitigated

    Should have been public info from the start. It's outrageous that RoyalMail only makes £1.6M annually out of withholding it; its true value to UK PLC is at least a hundred times greater, but that can only be realised by making it freely available.

  42. Mark Aggleton
    Thumb Down


    By having to pay for things such as QAS and GB Address......

  43. Anonymous Coward

    This is the NSPD

    National Statistics Postcode Database, which they refuse to release under FOI as they charge "reasonable" fees, although they have flat fees which I'm sure they shouldn't have as I'm sure that "reasonable" is supposed to be means-tested.

    Seriously, how can they charge more if you want the data for 1 person or for 250 people? All they are doing is sending a DVD.

    Surely though they can't argue with you using data that you didn't trouble them to provide? I'm going to ask them.

  44. troldman
    Thumb Down

    Wikileaks getting dodgy?

    I agree. Posting copyrighted data that isn't part of some coverup or conspiracy isn't right - it's just piracy.

    PAF is overpriced and a data monopoly, but that doesn't mean it should be unlicensed, free or pirated. Yes, it's our data but 'we' also get revenue from it.

  45. Sam Liddicott
    Big Brother


    A Mountweazel is too easy to spot.

    With Royal Mail government links, they are more likely to use a fnord.

  46. JBR

    get on there! They're trying to build a copyright free version of this database

  47. Anonymous Coward

    Free the 1841177

    This would be useful to any one wanting to develop a website before paying for the database.

    If the database were free many developers in the UK would create new websites: entrepreneurship... supposed to be a good thing.

    Conspiracy theory? This has been done deliberately to either subvert the revenue line of the liberated versions of the database already out there or to identify the the users of this 'liberated' version because it may have bad data purposefully poked into it.

    Check the 1841177 postcodes against but don't submit the could be bad.

  48. Anonymous Coward
    Anonymous Coward

    Live and learn

    I didn't know a plain text file could have pages.

  49. This post has been deleted by its author

  50. Anonymous Coward
    Anonymous Coward


    Maybe it will help some of the NAV manufacturers understand that, unlike the continent, UK postcodes imply more than just the town.

    Interestingly, I compared a couple of Lat Lon positions from the database with a postcode search on Google Maps. They were close but not the same, so I guess Google uses a different postcode database.

  51. Greg J Preece

    Not complete

    My postcode is there, but my parents' is not.

  52. Anomalous Cowherd Silver badge

    Pretty sure it's not the PAF

    I've seen excerpts of that one, and it maps to street addresses as well. This is simple postcode to latitude/longitude, which is great if you navigate exclusively by aircraft but not so hot if you want to get anywhere by, say, road.

  53. Lunatik

    Much ado...

    The PAF has always been available if you knew where to look, copies (encrypted to a very low standard) are supplied by PAF licensees for in-house postcode lookup installs (one example: and so cracked versions have been circulating for years.

    There is one fundamental problem with the PAF though: it goes out of date, surprisingly rapidly if you are serious about using the data. Most PAF licenses include not only the right to use the data, but updates to the data every month/quarter.

    As such, this Wikileaks thing is such a no story.

  54. Lunatik

    "My postcode's not there"

    Also, to those that are searching for postcodes and saying they are not there, how are you checking? Excel prior to 2007 will only show the first 65,536 rows, and 2007/2010 will only show the first 1,048,576 and I'm willing to bet most text editors will simply die trying to open a file that big.

    I've been checking the CSV via a database driver and it all seems to be fairly well in order.

  55. Anonymous Coward

    @ NAV & Garry Mills - Coordinate Systems

    Be aware -

    - Google & Yahoo use WGS84

    - Postzon dataset is OSGB36 eastings & northings.

    For the exact same coords you could be 300 metres misplaced.

    For a postcode coord, you might be 1000m misplaced.

    See - A guide to coordinate systems in Great Britain


    Someone please post the full PAF.

  56. David Hicks
    Thumb Down

    PAF Damn weel ought to be free

    We pay for it, to deny us access to it due to profit/copyright concerns is just nonsense.

    Royal mail need to stop living in the 1950s, we're in an information age and they're quickly becoming an irrelevance. Providing public services like a free and open PAF and their other address-related data would be a good way to justify the susbidies we give them.

  57. Anonymous Coward


    The f*ckin idiot(s) that developed the PAF (Post Office Address File) didn't allow for the use of non-numeric characters in the building number field, meaning that any premises that occupy more than one building (e.g. 43-45) can not be catered for correctly and instead requires wrong data be out into incorrect fields as a work-around (such is the genius of the Post Office).

    The PAF also contains numerous errors and yet every company seems to treat the PAF as some kind if it were some kind of infallible truth and as if they know where I live better than I do myself.

    I (and many, many others) have been trying to get the Post Office to fix these problems, but they absolutely refuse.

  58. Lunatik

    @AC 12:45

    Post Office!=Royal Mail

    No wonder your complaints would fall on deaf ears.

  59. pedrodude
    Thumb Up

    @ mariushm

    Spot on, mate.

  60. James Pickett


    IIRC, the PO union is balloting members on further strikes. Guess how they distribute the forms?

  61. Tim Almond


    "PAF is overpriced and a data monopoly, but that doesn't mean it should be unlicensed, free or pirated. Yes, it's our data but 'we' also get revenue from it."

    The problem is that the revenue has to come from somewhere. So, while the Post Office makes £1.6m, that is a cost to businesses (and ultimately, the consumer). It would be a zero sum operation, except that there's a whole bunch of people administering the sales which means it increases inefficiency (as well as the PAF costs being a deterrent to business).

    The vast majority of work for the PAF is already done regardless of business sales, and the cost of allowing free downloads would be tiny and would be more than covered by the value given to businesses. Or charge people a nominal £1 (but allow free distribution too).

  62. Kerberos


    The problem is it is prohibitively expensive to use. If they allowed a comprehensive API that a single site could use for a few pounds a month they'd make a killing. Instead they charge a small fortune and 99% of people who would use it simply don't.

  63. call me scruffy

    This is odd,

    I could have sworn that I downloaded the PAF from a legitimate source back in 2004. Clearly I can't have done... I wonder what the hell I downloaded?

This topic is closed for new posts.

Other stories you might like