West Lindsey residents details leaked online in council breach

An investigation is underway after a data breach saw private details of West Lindsey District Council residents leaked online.
Watch more of our videos on Shots! 
and live on Freeview channel 276
Visit Shots! now

London-based outsourcing firm Virtual Mail Room was hit by a targeted attack in June, when more than 50,000 letters sent out by banks and local authorities were indexed by Google — which meant they could appear on public search results.

The breach included 2,300 letters sent by councils in Croydon, Eastbourne, Reigate, North Tyneside, Ashford, North East Derbyshire and West Lindsey and o ne database showed the details of hundreds of people receiving letters from housing associations.

A spokesman for the authority said: “West Lindsey District Council has been made aware that one of our suppliers has been a victim of cybercrime and has confirmed a security breach.

The West Lindsey District Council office in GainsboroughThe West Lindsey District Council office in Gainsborough
The West Lindsey District Council office in Gainsborough

“However, the breach does not constitute a ‘high’ risk to the individuals affected.

“West Lindsey District Council takes all incidents seriously and as a result we have reported to the Information Commissioners Office (ICO) and an investigation is currently underway.

“We will contact all our affected customers to inform them and to reassure them.”

Virtual Mail Room’s clients include Metro Bank, publisher Pearson and insolvency specialists Begbies Traynor.

According to Wired magazine, Mickel Bak, the director of Virtual Mail Room, said the company was the target of an attack.

“We are clearly very concerned that we were the target of an attack to access information that we hold,” he said.

“We have, and are taking the necessary steps required to assist our clients and appropriate authorities in this instance.”

Wired said the breach raised doubts over due diligence and could be in breach of data protection laws.

All the data left unprotected has since been secured, but not before it was left online for anyone to see since June.

The names, email addresses, and telephone numbers of staff with access to Virtual Mail Room’s systems were also visible. The tools on the backend were also left unsecured, allowing for print and delivery jobs to be potentially modified or deleted.

A message from the Editor:

Thank you for reading this story on our website. While I have your attention, I also have an important request to make of you.

In order for us to continue to provide high quality and trusted local news on this free-to-read site, I am asking you to also please purchase a copy of our newspaper.

Our journalists are highly trained and our content is independently regulated by IPSO to some of the most rigorous standards in the world. But being your eyes and ears comes at a price. So we need your support more than ever to buy our newspapers during this crisis.

With the coronavirus lockdown having a major impact on many of our local valued advertisers - and consequently the advertising that we receive - we are more reliant than ever on you helping us to provide you with news and information by buying a copy of our newspaper.

Thank you

Nancy Fielder, editor