Anger as details of 8m car trips exposed to hackers and stalkers
DETAILS of 8.6 million car journeys were accidentally exposed on the internet in one of Britain’s biggest ever data breaches.
The information could have been exploited by criminals and stalkers, privacy campaigners warned last night.
Police and council chiefs who operated the system have apologised for the blunder, which is being investigated by the Information Commissioner’s Office. It has the power to impose multi-million-pound fines.
The breach involved records of vehicle movements being tracked by a network of automatic number plate recognition (ANPR) cameras.
The database was left unprotected and accessible without a password – potentially allowing anyone to access it and look up individual vehicle movements. Tony Porter, Britain’s surveillance camera commissioner – who works with the Home Office to monitor the use of the technology – described the lapse as ‘astonishing and worrying’.
Mr Porter added: ‘I will be requesting a report into this incident.’
The incident is thought to be the biggest data breach in the UK since a cyber-attack on Dixons Carphone in 2017 and 2018, when 14million people’s details were exposed to hackers who exploited a vulnerability in its IT systems. The retailer was fined £500,000.
Silkie Carlo, a director of Big Brother Watch, called the vehicle movement blunder an ‘astronomical data breach that has jeopardised the privacy and security of many thousands of people’. She said: ‘The incompetent management of this appalling mass surveillance system means (its administrators) will have no idea who has had access to the data, when, how, why or what they might do with it.
‘Detailed journey records of thousands of people could be exploited by criminals and pose a particular risk in stalking and harassment contexts.
‘Councils shouldn’t be con
‘Astronomical data breach’
ducting this mass-scale snooping at all, let alone leaking millions of sensitive records on the internet.
‘ANPR remains dangerously unregulated and deserves serious parliamentary attention.’
The data breach was exposed by specialist data publication, The Register, after an investigation by security experts who were able to monitor vehicle data between April 18 and 24. Compromised records totalled some 8.6million vehicle movements – a figure which would have been far higher had the exercise been carried out before the lockdown.
Sheffield City Council and South Yorkshire Police, who run the affected ANPR system, have apologised and said internal investigations were under way.