Data breach left millions of car trips exposed
Fury over data breach that left details of 8milllion car trips exposed to hackers and stalkers
- Police and council chiefs mistakingly exposed information on 8.6m car journeys
- The private information could have been exploited by any criminals and stalkers
- Information Commissioner’s Office is investigating the serious privacy breach
Details of 8.6 million car journeys were accidentally exposed on the internet in one of Britain’s biggest ever data breaches.
The information could have been exploited by criminals and stalkers, privacy campaigners warned last night.
Police and council chiefs who operated the system have apologised for the blunder, which is being investigated by the Information Commissioner’s Office. It has the power to impose multi-million-pound fines.
A database with records of vehicle movements was accidentally left unprotected and accessible by police and council chiefs. Pictured: Stock photo of a person using a laptop
The breach involved records of vehicle movements being tracked by a network of automatic number plate recognition (ANPR) cameras.
The database was left unprotected and accessible without a password – potentially allowing anyone to access it and look up individual vehicle movements. Tony Porter, Britain’s surveillance camera commissioner – who works with the Home Office to monitor the use of the technology – described the lapse as ‘astonishing and worrying’.
Mr Porter added: ‘I will be requesting a report into this incident.’
The incident is thought to be the biggest data breach in the UK since a cyber-attack on Dixons Carphone in 2017 and 2018, when 14 million people’s details were exposed to hackers who exploited a vulnerability in its IT systems. The retailer was fined £500,000.
Silkie Carlo, a director of Big Brother Watch, called the vehicle movement blunder an ‘astronomical data breach that has jeopardised the privacy and security of many thousands of people’. She said: ‘The incompetent management of this appalling mass surveillance system means (its administrators) will have no idea who has had access to the data, when, how, why or what they might do with it.
The breach involved records of vehicle movements being tracked by a network of automatic number plate recognition (ANPR) cameras. Pictured: Stock photo of busy traffic on the M1 near Milton Keynes in 2009
‘Detailed journey records of thousands of people could be exploited by criminals and pose a particular risk in stalking and harassment contexts.
‘Councils shouldn’t be conducting this mass-scale snooping at all, let alone leaking millions of sensitive records on the internet.
‘ANPR remains dangerously unregulated and deserves serious parliamentary attention.’
The data breach was exposed by specialist data publication, The Register, after an investigation by security experts who were able to monitor vehicle data between April 18 and 24.
Compromised records totalled some 8.6 million vehicle movements – a figure which would have been far higher had the exercise been carried out before the lockdown.
Sheffield City Council and South Yorkshire Police, who run the affected ANPR system, have apologised and said internal investigations were under way.
Source: Read Full Article