A hacker has accessed the data belonging to nearly 6,000 Yorkshire residents, by breaching a Yorkshire Council application.
The One Planet York application was designed to help residents in York find out the bin collection dates, while also providing recycling advice.
The city of York Council have stated that the application contained 5,994 records which stored information such as user phone numbers, addresses and encrypted passwords.
The council have sent a letter, obtained by the York Press, out to all users of the application to inform them of the breach stating that: “We have conducted a thorough review of the One Planet York app, we have deleted all links with the app and as a result, will no longer support it going forward.”
“We have deleted it from our website and asked for it to be removed from the app stores and ask that you now delete it from your device,” the letter advises.
It seems the council was informed of the breach by the threat actor themselves who contacted the council on the 1st of November. the council then promptly informed the North Yorkshire Police about the breach.
It is unclear if this hacker reported the vulnerability as part of a malicious endeavor or was simply wearing their white hat for the day.
The application was isolated from council system so the breach seems to be limited to the One Planet York application.
Commenting in an emailed statement to Computer Business Review Martin Thorpe Enterprise Security Architect at Venafi said that: “This is a serious breach, with thousands of people having their personal data at put at risk.”
“Unfortunately, hacks of these kind are rising year on year though; York is certainly not alone. There are now over 15.5 billion apps in the UK, often containing very personal information – from health data to financials. Yet developers are often more focused on features and usability than on security. In a bid to increase speed to market, developers are prioritising convenience and failing to build security in from the ground up.”