September 9, 2020 11.37 am This story is over 44 months old

West Lindsey residents details leaked online in council breach

Several local authorities affected by cyberattack

An investigation is underway after a data breach saw private details of West Lindsey District Council residents leaked online.

London-based outsourcing firm Virtual Mail Room was hit by a targeted attack in June, when more than 50,000 letters sent out by banks and local authorities were indexed by Google — which meant they could appear on public search results.

The breach included 2,300 letters sent by councils in Croydon, Eastbourne, Reigate, North Tyneside, Ashford, North East Derbyshire and West Lindsey.

A spokesman for the authority said: “West Lindsey District Council has been made aware that one of our suppliers has been a victim of cybercrime and has confirmed a security breach.

“However, the breach does not constitute a ‘high’ risk to the individuals affected.

“West Lindsey District Council takes all incidents seriously and as a result we have reported to the Information Commissioners Office (ICO) and an investigation is currently underway.

“We will contact all our affected customers to inform them and to reassure them.”

Virtual Mail Room’s clients include Metro Bank, publisher Pearson and insolvency specialists Begbies Traynor.

According to Wired magazine, Mickel Bak, the director of Virtual Mail Room, said the company was the target of an attack.

“We are clearly very concerned that we were the target of an attack to access information that we hold,” he said.

“We have, and are taking the necessary steps required to assist our clients and appropriate authorities in this instance.”

Wired said the breach raised doubts over due diligence and could be in breach of data protection laws.