City council inadvertently publishes confidential details about at-risk kids
Government (Foreign) // Healthcare and Public Health // Aberdeen, UK
An employee for the Aberdeen City Council took social services' files home and mistakenly uploaded them to a public website.
The data included information on vulnerable children and details of alleged crimes. The content “was on display for three months before it was spotted and taken down,” security firm Sophos reports.
The leaks began in November 2011, when an unidentified female staff member was working on council files on her own second-hand computer at home.
At some point after she saved the files to the My Documents folder on her laptop, an unspecified computer program posted them online. The software was believed to have been installed on the laptop by a previous owner and either started automatically or was unwittingly activated by the employee. It is unclear whether the woman initially retrieved the work documents using remote access to council email or carried the files home on a USB stick.
“These files apparently included minutes of meetings and detailed reports relating to the care of children.”
Nobody on staff noticed the documents had been exposed until February 2012 when another council employee stumbled upon them while searching the Web for the individual's own name.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.