Data breach affects more than half of East Devon Council - BBC News

Members of a Devon district council suffered a significant data breach when more than half had passwords made available online to other councillors.

Thirty-seven of 60 East Devon District Council members were affected by the breach at the start of November, a full council meeting has heard.

Swift action was taken to rectify the breach, with councillors resetting passwords, it was also told.

The Information Commissioners Office (ICO) is investigating.

The subject was debated at the full council meeting on Wednesday, the Local Democracy Reporting Service reported.

Passwords on profiles
It is understood council IT provider Strata added Airwatch and Outlook 365 passwords to individual councillors' profiles.

During the breach, all data within the affected councillors' emails, which could have included confidential information such as probation reports, medical information and electoral register data, could have been accessed by other councillors.

The Strata team was said to have acted quickly to get passwords reset and notified the ICO of the breach.

A full report would come before the council's cabinet in 2021, the meeting heard.

Councillor Paul Millar, who discovered the initial breach, asked Jess Bailey, cabinet portfolio holder for corporate services, what steps were being taken to ensure appropriate safeguards were introduced.

She said she recognised it was "a serious matter" and she had been "sufficiently reassured" that "in my view the actual risk of anything untoward having occurred is extremely low".

However, she could not answer when Mr Millar asked if there could be a "categorical assurance" that his emails and data of residents in those emails were not accessed by anyone else.

Strata, which also provides IT services to Exeter City Council and Teignbridge District Council, has been approached by the BBC for a comment.