ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Upgrade error exposes taxpayers' data

Colin Barker ZDNet.co.uk

Published: 30 Aug 2005 13:10 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The security of Lambeth Council's online council tax payment system was compromised last week, after a routine software upgrade.

The glitch led to personal details of local residents who used the service being emailed across the Internet as plain text. This included credit card numbers, card expiration dates and council tax numbers.

Speaking to ZDNet UK, one Lambeth resident said he had paid his council tax to Lambeth Council last Thursday using the online payments system provided by Capita.

According to the resident, the system worked well until he was sent a confirmation email, which contained his council tax number, card number, his name, expiration date, authorisation code, email address and the merchant's number, all in plain text in an email.

The resident immediately emailed the council pointing out that his details had "been exposed, against all good security practice". He received a prompt reply, but not an apology, from the contract manager at Lambeth Council, who explained the "problem existed for a short time only after an upgrade to the software".

The problem came about when the "STOP function that anonymises credit card details" was turned off during the upgrade, the contract manager said.

A spokeswoman for Lambeth Council told ZDNet UK that she had been told by Capita that the system was affected for two days and that it happened when the system "did not apply a mask that should cover the numbers".

The spokeswoman could not say how many residents had been affected by the fault. "We have asked [Capita] but they have not been able to tell us yet", she said on Tuesday, four days after the fault was first reported.

It was "unacceptable for this information to be displayed" the spokeswoman said, adding that the council had been reassured by Capita that adjustments had been made to the software so that the situation "could not happen again".

In May 2001, Lambeth Council cut short a £48m contract to outsource its benefits system to Capita claiming that the system of paying benefits had deteriorated over the previous four years.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
61 out of 129 people found this useful


Talkback

Post a comment


Full Talkback thread

1 comment

  1. Did you make a serious typo in this article or was... Mick Fandango

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

Council Tax Manager - West Midlands - Contract

My public sector client based in the West Midlands is seeking a Council Tax Manager to fulfil an initial six-month contract within a months time. The ...

Product Development - Equities Top Tier structurer tax efficient

Experience developing platforms such as issuance vehicles etc Strong understanding of tax legal and accounting issues a must, particularly the tax ...

Global Hedge Fund , Tax Country Manager VP / Director Apply Now

My client a international multi strategy hedge fund has a rare requirement for a tax professional to come on board and responsibility for its UK ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation