Users of the government data dashboard are urged to change their passwords after learning that their personal information was inadvertently disclosed.
The Register broke the story after receiving confirmation via email that a file on a third-party server, which contained hashed passwords, emails, and names for the data.gov.uk website, had been made publicly available.
The Government Digital Service attested to having taken the required steps to remove material from the public domain right away.
The Information Commissioner's Office, a data protection watchdog, was also notified of the data breach by the GDS.
Source: https://securityaffairs.com/60544/data-breach/uk-gov-data-leak.html
TPRM report: https://scoringcyber.rankiteo.com/company/uk-government
"id": "ukg212251123",
"linkid": "uk-government",
"type": "Breach",
"date": "06/2017",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Public Sector',
'location': 'United Kingdom',
'name': 'Government Digital Service (GDS)',
'type': 'Government Agency'}],
'attack_vector': 'Inadvertent Disclosure',
'customer_advisories': 'Urged users to change their passwords',
'data_breach': {'personally_identifiable_information': ['emails', 'names'],
'type_of_data_compromised': ['hashed passwords',
'emails',
'names']},
'description': 'Users of the government data dashboard are urged to change '
'their passwords after learning that their personal '
'information was inadvertently disclosed.',
'impact': {'data_compromised': ['hashed passwords', 'emails', 'names']},
'references': [{'source': 'The Register'}],
'regulatory_compliance': {'regulatory_notifications': 'Information '
"Commissioner's Office "
'(ICO)'},
'response': {'communication_strategy': 'Urged users to change their passwords',
'containment_measures': 'Removal of material from the public '
'domain'},
'title': 'Government Data Dashboard Data Breach',
'type': 'Data Breach'}