City of York Council Pulls One Planet York App Due To Data Breach

City of York Council has thanked a security researcher for discovering a flaw in a council app which allowed personal data to be breached.  

An external developer discovered that phone numbers, addresses and encrypted passwords of One Planet York users could be found on the app, which allowed users to check bin collection dates and recycling advice.  The developer reportedly did not do anything to exploit the vulnerability of the app, and immediately informed the council. The One Planet York app has since been removed from app stores and the council’s website, and the authority has urged remaining users to delete it from their devices. 

The local authority revised its stance after initially contacting North Yorkshire Police  after the data breach was reported. On Monday, the council tweeted:  

“Despite attempts to contact [the hacker], they did not respond and as a result of what appears to be a deliberate and unauthorised access we informed the police.”  

The council subsequently confirmed that the person who had identified the issue with the app had tried to contact them but their email had not been received due to security settings. North Yorkshire Police’s digital investigation and intelligence unit said the developer had “acted correctly”.  

City of York Council has thanked a security researcher for discovering a flaw in a council app which allowed personal data to be breached.  

An external developer discovered that phone numbers, addresses and encrypted passwords of One Planet York users could be found on the app, which allowed users to check bin collection dates and recycling advice.  The developer reportedly did not do anything to exploit the vulnerability of the app, and immediately informed the council. The One Planet York app has since been removed from app stores and the council’s website, and the authority has urged remaining users to delete it from their devices. 

The local authority revised its stance after initially contacting North Yorkshire Police  after the data breach was reported. On Monday, the council tweeted:  

“Despite attempts to contact [the hacker], they did not respond and as a result of what appears to be a deliberate and unauthorised access we informed the police.”  

The council subsequently confirmed that the person who had identified the issue with the app had tried to contact them but their email had not been received due to security settings. North Yorkshire Police’s digital investigation and intelligence unit said the developer had “acted correctly”.  

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: