back to article Home of the world's longest pleasure pier joins public sector leak club

Southend-on-Sea City Council has reported a data breach, joining a growing list of UK public sector organizations to have accidentally and illegally exposed sensitive files this year. The data breach occurred as a result of a botched response to a request made under the Freedom of Information Act 2000 (FoI). The council …

  1. Mike 137 Silver badge

    Excel and FoI basics

    Once again (oh, so often), hiding columns in Excel doesn't prevent access to the data they hold. And making the file 'read only' doesn't prevent the content being read. No master spreadsheet (or for that matter any primary document) should ever be sent out in response to an FoI request. The specific data requested, and no more than that, should be extracted into a new document that gets verified for scope against the request before it's issued.

    But of course that involves effort, attention and judgement, all of which seem to be in short supply, and not just in local government..

    1. cyberdemon Silver badge
      Windows

      In the olden days..

      I understand that large tables of data used to be stored by something called a "database", and that subsets of data could be exported to interested parties without exposing the entire database, with a "query" or a " report".

      This post feels too short, so let me add a footer

      -- Bring Dabbsy Back --

    2. Anonymous Coward Silver badge
      Boffin

      Re: Excel and FoI basics

      And the resulting data should be in a CSV file, both to avoid proprietary formats and to exclude any misused formatting.

      1. Yet Another Anonymous coward Silver badge

        Re: Excel and FoI basics

        For which Oracle would only charge twice their normal consulting rate. But because it's a legal FOI the offshore minimum wage workers should be paidcharged at the same hourly rate as lawyers

    3. Lee D Silver badge

      Re: Excel and FoI basics

      It's the one sole reason for which I tolerate CSV.

      No fancy hidden data, just a text-readable file that you can inspect and search for any private data if necessary.

      We need a kind of "PDF" standard for data export (but, again, without the possibility of revealing data hidden behind poor censorship attempts, etc.).

      Something like a single SQLite database table with no fancy features, or similar. Or Firebird. Same kind of program.

      1. Doctor Syntax Silver badge

        Re: Excel and FoI basics

        Plain text. That could cover CSV.

        No PDF. No SQLite or other database. I have nothing against either in their place but this is not their place.

        The standard you are looking for is plain text where everything is visible for inspection.

    4. Doctor Syntax Silver badge

      Re: Excel and FoI basics

      "that, should be extracted into a new document..."

      And that new document should be a plain text file.

      "...that gets verified"

      Verified by someone who knows the difference between a plain text file and a WP document or spreadsheet.

      I might stretch a point to allow CSV.

    5. Anonymous Coward
      Anonymous Coward

      Re: Excel and FoI basics

      I once took an "advanced" Excel course at $work, and the presenter couldn't perform one of the exercises because the file was password-protected read-only and no one present had the password. I had her send it to me, and I sent it back unlocked in a few minutes. The look on her face...

      Takeaway: If the file is readable (i.e. not encrypted), the full data from the file is readable. Period, end of statement, no exceptions.

    6. tinman

      Re: Excel and FoI basics

      I know the cause here is not clear but it may be that the sender didn't send a master sheet or hidden worksheets and did what you suggested with a new document but they still include the extra information unwittingly.

      In the PSNI case it appears they used a pivot table to select the requested information and then pasted that into a new workbook and sent that. What they didn't realise it that in pasting the pivot table, it could be 'unpacked' and allow access to all the data behind it, including the fields not displayed or requested.

      I know whereof I speak because someone once sent me a file in similar circumstances and then nearly filled their pants when I pointed out that they'd not only sent me the staff grades I'd asked for but also the names, NI, DoBs, etc of 22k staff from the CEO down

  2. Rikki Tikki Bronze badge

    "We have immediately begun an investigation to understand how this happened"

    An investigation that, presumably, will completely exonerate the managers and politicians who for years have neglected staff training, and point the finger squarely at the hapless drones.

    Sigh.

    1. Cynical Pie

      Except the LA will have to have 95% of users complete training annually to access NHS data for social care purposes.

      Its more a case of the people sending the response being understaffed and being under pressure to meet service standards by getting the responses out as quickly as possible and the team sending the data to them being too lazy to do the prep work to extract the information

    2. Doctor Syntax Silver badge

      It's not necessarily lack of staff training that's the problem. The staff training might have included extracting data into a spreadsheet. The underlying problem is more likely to be lack of a proper procedure as in Mike 137's post and insistence on a format that precludes any hidden content that might escape initial inspection.

  3. Will Godfrey Silver badge
    Facepalm

    Far too dangerous

    Clearly anyone from junior management and above should not be allowed anywhere near the internet, and the rest of the workfarce should only be permitted limited access under the watchful gaze of someone with at least two communicating neurons.

    P.S. workfarce was a typo, but it fits rather well!

  4. Anonymous Coward
    Anonymous Coward

    So :

    The data exposed included names, addresses, national insurance numbers, pension scheme details, salaries, and equal opportunities data.

    everything anyone would ever need for a permanent ongoing identity theft. In fact there is so much there it's entirely possible a fraudster could take control of someones accounts and they could never ever recover them. Which I've known happen more than once.

    1. Lee D Silver badge

      Re: So :

      Not really.

      Your NI number isn't privileged and nothing should hang off it (unless people are being absolutely incompetent).

      Your name and address are a matter of public record, easily discovered for any given individual - you give that to Amazon or everyone that you ever receive a letter from, for example.

      Pension scheme - yeah, maybe some slight phishing possibility there but nothing really major.

      Salary? Nope. Horrible personal data to have leaked but not a security issue of accessing anything (nobody genuine is going to ask you to enter your salary to gain access to a website, for example).

      Same for equal opportunities data.

      Any place that lets the above information take over an account without checking is utterly incompetent, and probably failing their own GDPR to be honest.

      What I don't see in that list are passwords, account numbers, security questions, etc. that would actually be required to directly do any harm.

      It's actually quite a low-level compromise, with the exception of the salaries.

      P.S. your employer knows all the above, anyone who works in the accounts or payroll department, anyone who works in the HR department, as do all of your previous employers up to a given point in time.

      1. Doctor Syntax Silver badge

        Re: So :

        Putting it altogether in one place is still a bad thing. And although NI number shouldn't be used for anything other than NI purposes it is, widely, especially by financial institutions.

      2. Anonymous Coward
        Anonymous Coward

        Re: Your NI number isn't privileged and nothing should hang off it

        I know a few systems which do. And they will be in for a shock when they realise that they aren't unique

        1. Don Bannister

          Re: Your NI number isn't privileged and nothing should hang off it

          They aren't unique - do tell how that might come about !

          And I've found quite a lot of banks & finance institutions do indeed use your NI number - quite often for ID and/or anti-laundering checks ....

          1. Ken Moorhouse Silver badge

            Re: They aren't unique - do tell how that might come about !

            https://www.gov.uk/hmrc-internal-manuals/national-insurance-manual/nim39110

            There have been historical cases where they are not unique, and may change.

      3. PRR Bronze badge

        Re: So :

        > Salary? Nope. Horrible personal data to have leaked but not a security issue of accessing anything (nobody genuine is going to ask you to enter your salary to gain access to a website, for example).

        The US IRS (tax) uses your last-year Gross Income to "sign" this year tax statement. That's not exactly salary but an automated attack might get in the 1% success range which may be profitable. But US IRS is good example of many bad practices.

        Salary exposed? I once worked for a state organization. ALL that state's employees' (with some revealing exceptions) salaries were posted online in the early 2000s by a state watchdog group. My salary number was a little off but right range. My boss made more than me, no shock. But two middle-level employees made a lot more than the boss(*). Interesting? Going up the shark-tank, the Governor had a hansom salary (more than he listed on his web-page) and a couple Specialists much more than the Gov. OTOH my female coworkers were grossly under-paid.

        (*)One had stunning seniority, must have started in kindergarten. The other was a notorious butt-licker.

  5. Anonymous Coward
    Anonymous Coward

    Were Capita involved?

    That's what we all want to know.

    1. JimmyPage Silver badge

      Re: Were Capita involved?

      In a very real sense, aren't they always ?

  6. Ken Moorhouse Silver badge

    They are shortening their pier...

    ...to enable them to take a long walk along/off it.

  7. Doctor Syntax Silver badge

    A good thing in a way. It didn't include information about the wider public and, given the personal involvement, will encourage them to be more careful in the future when it might be the wider public at risk.

    Experience is a dear teacher but there are those that will learn by no other.

  8. Tron Silver badge

    A solution! Low data traffic neighbourhoods.

    Council data transfers could be limited to 10Kb per day, 4 days a week (in computing terms, analogous to the speed at which council workers generally do stuff). That should give plenty of time to check and prevent the wrong sort of data from leaving. It will also improve wellbeing and help save the rainforests.

  9. Anonymous Coward
    Anonymous Coward

    The number of times

    I was often asked to upload “redacted” files to our website.

    In all but one case the “redaction” was thoroughly flawed in its execution.

    This despite me adding a “how to redact” page on the Intranet.

    Hint: Black boxes over words is not redaction.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like