ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Upgrade error exposes taxpayers' data

Colin Barker ZDNet.co.uk

Published: 30 Aug 2005 13:10 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The security of Lambeth Council's online council tax payment system was compromised last week, after a routine software upgrade.

The glitch led to personal details of local residents who used the service being emailed across the Internet as plain text. This included credit card numbers, card expiration dates and council tax numbers.

Speaking to ZDNet UK, one Lambeth resident said he had paid his council tax to Lambeth Council last Thursday using the online payments system provided by Capita.

According to the resident, the system worked well until he was sent a confirmation email, which contained his council tax number, card number, his name, expiration date, authorisation code, email address and the merchant's number, all in plain text in an email.

The resident immediately emailed the council pointing out that his details had "been exposed, against all good security practice". He received a prompt reply, but not an apology, from the contract manager at Lambeth Council, who explained the "problem existed for a short time only after an upgrade to the software".

The problem came about when the "STOP function that anonymises credit card details" was turned off during the upgrade, the contract manager said.

A spokeswoman for Lambeth Council told ZDNet UK that she had been told by Capita that the system was affected for two days and that it happened when the system "did not apply a mask that should cover the numbers".

The spokeswoman could not say how many residents had been affected by the fault. "We have asked [Capita] but they have not been able to tell us yet", she said on Tuesday, four days after the fault was first reported.

It was "unacceptable for this information to be displayed" the spokeswoman said, adding that the council had been reassured by Capita that adjustments had been made to the software so that the situation "could not happen again".

In May 2001, Lambeth Council cut short a £48m contract to outsource its benefits system to Capita claiming that the system of paying benefits had deteriorated over the previous four years.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
61 out of 129 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

1 comment

  1. Did you make a serious typo in this article or was... Mick Fandango

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

IT Call Centre Helpdesk Support

German Payroll service owner (Newcastle - ENGLAND)

Maintenance Engineer / Electrical Maintenance Engineer / Electrical Technician

Sentry Posts Blog

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers