Home   Medway   News   Article

Medway Council inquiry form IT bug leaves residents' details open to view

Residents’ personal information was made available to anyone due to a fault with an online inquiry form system.

Medway Council quickly addressed the bug when it was alerted to it by technology news site The Register.

The authority has now referred itself to the Information Commissioner’s Office.

Senior woman using laptop, close-up of hands Silver surfer - stock image to accompany story on elderly computer classes(1011173)
Senior woman using laptop, close-up of hands Silver surfer - stock image to accompany story on elderly computer classes(1011173)

The forms in question were devised as part of the Kent Channel Migration Project, a scheme involving various bodies throughout the county aimed at encouraging greater use of technology.

The launch of the project had already been held back due to “very clear flaws in usability and design”.

The council says just one form was affected but it is thought the issue meant users were able to access and edit data, which included names, phone numbers and email addresses.

Security researcher Paul Moore told The Register such bugs should be identified with “the most rudimentary tests” but with public sector budgets being sliced it was increasingly difficult to ensure necessary security measures were being taken.

The council’s assistant director of transformation, Carrie McKenzie, said: “We would like to reassure residents this was an isolated issue with our inquiry forms, which involved web links being manipulated to gain access. The inquiry forms give residents the opportunity to provide their name and contact details for a member of staff to assist them with their inquiry – these forms do not request financial details.

“As soon as we became aware that a technical expert had gained access to some forms on our website, we immediately removed all potentially affected forms. We have also taken action to fully resolve the technical issue to avoid this happening again. We have provided the Information Commissioner’s Office with an initial report, and have steps in place to ensure all data is protected.”

The council was first rapped by the ICO in 2017 after failing to send staff on data protection training. The ICO confirmed the authority has now complied with the requirements.

In 2014 the council’s Twitter account was hijacked by a group calling themselves the ‘citizens of Medway’ who announced council tax was being scrapped.

Join the debate...
Comments |

Don't have an account? Please Register first!

The KM Group does not moderate comments. Please click here for our house rules.

People who post abusive comments about other users or those featured in articles will be banned.

Thank you. Your comment has been received and will appear on the site shortly.


Terms of Comments
We do not actively moderate, monitor or edit contributions to the reader comments but we may intervene and take such action as we think necessary, please click here for our house rules. If you have any concerns over the contents on our site, please either register those concerns using the report abuse button, contact us here, email multimediadesk@thekmgroup.co.uk or call 01634 227989.

Close This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.Learn More