Home of the world's longest pleasure pier joins public sector leak club Southend-on-Sea City Council has reported a data breach, joining a growing list of UK public sector organizations to have accidentally and illegally exposed sensitive files this year. The data breach occurred as a result of a botched response to a request made under the Freedom of Information Act 2000 (FoI). The council …
Once again (oh, so often), hiding columns in Excel doesn't prevent access to the data they hold. And making the file 'read only' doesn't prevent the content being read. No master spreadsheet (or for that matter any primary document) should ever be sent out in response to an FoI request. The specific data requested, and no more than that, should be extracted into a new document that gets verified for scope against the request before it's issued.
But of course that involves effort, attention and judgement, all of which seem to be in short supply, and not just in local government..
I understand that large tables of data used to be stored by something called a "database", and that subsets of data could be exported to interested parties without exposing the entire database, with a "query" or a " report".
This post feels too short, so let me add a footer
-- Bring Dabbsy Back --
It's the one sole reason for which I tolerate CSV.
No fancy hidden data, just a text-readable file that you can inspect and search for any private data if necessary.
We need a kind of "PDF" standard for data export (but, again, without the possibility of revealing data hidden behind poor censorship attempts, etc.).
Something like a single SQLite database table with no fancy features, or similar. Or Firebird. Same kind of program.
"that, should be extracted into a new document..."
And that new document should be a plain text file.
"...that gets verified"
Verified by someone who knows the difference between a plain text file and a WP document or spreadsheet.
I might stretch a point to allow CSV.
I once took an "advanced" Excel course at $work, and the presenter couldn't perform one of the exercises because the file was password-protected read-only and no one present had the password. I had her send it to me, and I sent it back unlocked in a few minutes. The look on her face...
Takeaway: If the file is readable (i.e. not encrypted), the full data from the file is readable. Period, end of statement, no exceptions.
I know the cause here is not clear but it may be that the sender didn't send a master sheet or hidden worksheets and did what you suggested with a new document but they still include the extra information unwittingly.
In the PSNI case it appears they used a pivot table to select the requested information and then pasted that into a new workbook and sent that. What they didn't realise it that in pasting the pivot table, it could be 'unpacked' and allow access to all the data behind it, including the fields not displayed or requested.
I know whereof I speak because someone once sent me a file in similar circumstances and then nearly filled their pants when I pointed out that they'd not only sent me the staff grades I'd asked for but also the names, NI, DoBs, etc of 22k staff from the CEO down
Except the LA will have to have 95% of users complete training annually to access NHS data for social care purposes.
Its more a case of the people sending the response being understaffed and being under pressure to meet service standards by getting the responses out as quickly as possible and the team sending the data to them being too lazy to do the prep work to extract the information
It's not necessarily lack of staff training that's the problem. The staff training might have included extracting data into a spreadsheet. The underlying problem is more likely to be lack of a proper procedure as in Mike 137's post and insistence on a format that precludes any hidden content that might escape initial inspection.
Clearly anyone from junior management and above should not be allowed anywhere near the internet, and the rest of the workfarce should only be permitted limited access under the watchful gaze of someone with at least two communicating neurons.
P.S. workfarce was a typo, but it fits rather well!
The data exposed included names, addresses, national insurance numbers, pension scheme details, salaries, and equal opportunities data.
everything anyone would ever need for a permanent ongoing identity theft. In fact there is so much there it's entirely possible a fraudster could take control of someones accounts and they could never ever recover them. Which I've known happen more than once.
Not really.
Your NI number isn't privileged and nothing should hang off it (unless people are being absolutely incompetent).
Your name and address are a matter of public record, easily discovered for any given individual - you give that to Amazon or everyone that you ever receive a letter from, for example.
Pension scheme - yeah, maybe some slight phishing possibility there but nothing really major.
Salary? Nope. Horrible personal data to have leaked but not a security issue of accessing anything (nobody genuine is going to ask you to enter your salary to gain access to a website, for example).
Same for equal opportunities data.
Any place that lets the above information take over an account without checking is utterly incompetent, and probably failing their own GDPR to be honest.
What I don't see in that list are passwords, account numbers, security questions, etc. that would actually be required to directly do any harm.
It's actually quite a low-level compromise, with the exception of the salaries.
P.S. your employer knows all the above, anyone who works in the accounts or payroll department, anyone who works in the HR department, as do all of your previous employers up to a given point in time.
> Salary? Nope. Horrible personal data to have leaked but not a security issue of accessing anything (nobody genuine is going to ask you to enter your salary to gain access to a website, for example).
The US IRS (tax) uses your last-year Gross Income to "sign" this year tax statement. That's not exactly salary but an automated attack might get in the 1% success range which may be profitable. But US IRS is good example of many bad practices.
Salary exposed? I once worked for a state organization. ALL that state's employees' (with some revealing exceptions) salaries were posted online in the early 2000s by a state watchdog group. My salary number was a little off but right range. My boss made more than me, no shock. But two middle-level employees made a lot more than the boss(*). Interesting? Going up the shark-tank, the Governor had a hansom salary (more than he listed on his web-page) and a couple Specialists much more than the Gov. OTOH my female coworkers were grossly under-paid.
(*)One had stunning seniority, must have started in kindergarten. The other was a notorious butt-licker.
Council data transfers could be limited to 10Kb per day, 4 days a week (in computing terms, analogous to the speed at which council workers generally do stuff). That should give plenty of time to check and prevent the wrong sort of data from leaving. It will also improve wellbeing and help save the rainforests.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
