November 22, 2018 at
Council workers in the City of York, UK, could not guarantee that the personal data of the app users had not been breached, following the hack. The hacker contacted the City of York Council to let them know that they had managed to infiltrate the personal data of the people who were using the app. Addresses, phone numbers and encrypted passwords of those using the app were all accessed.
The City Council had no idea the app user’s data had been compromised until the hacker contacted them to let them know. The One Planet York app was used to find out information and advice regarding local recycling as well as trash collection dates. The hack was reported to the North Yorkshire Police by the City of York Council, who has contacted the app users to express its “deep regret” over the breach.
The records of almost 6,000 people were contained in the app and all of these were potentially breached, although the City Council says it cannot be sure of this and hopes it was not the case. The council said it was unable to say what had happened to the breached information or how the person responsible for the hack had used the personal information.
In a letter to app users, the City Council expresses how much it values the privacy of its members. It also declares its deep regret at the occurrence of this incident. It goes on to explain that a thorough review of the One Planet York app has taken place and that the City Council has overseen a deletion of all of the app’s links. Going forward, it says it, “will no longer support” the app and has asked customers to delete the app from their devices.
The letter to those affected by the breach goes on to say that it has asked for the app to be removed from all app stores and that it has been completely deleted from the York City Council website. A Council spokesperson said that they were unable to ascertain exactly what the person responsible for the breach was planning to do with the hacked data.
The deputy CEO of the City Council, Ian Floyd, reported that a third party contacted them on November 1st, telling them they had found a way to access personal data of the users of the One Planet York app. Mr. Floyd said that the data accessed comprised personal information such as encrypted passwords, telephone numbers and email addresses, as well as full names, addresses and zip codes of the people who had downloaded the app to their devices.
Mr. Floyd went on to state that he did not think that the accessed data included any further sensitive information, but he can obviously not guarantee this. He was able to reassure users however that the One Planet York app was completely separate and not connected to other City Council systems, so the third party responsible for the hack would have been unable to access any other personal and sensitive data held by officials.
The affected users have been advised to change their passwords and to completely remove the app from their devices.