Public Services > Central Government

GDS confirms leak of data.gov.uk user information

Neil Merrett Published 30 June 2017

Whitehall says details of users registered with data site before June 21, 2015 may have been wrongly published; claims no evidence of misuse

 

The Government Digital Service (GDS) says there is no evidence that the credentials of users of its data.gov.uk portal have been misused after personal information including hashed passwords were made accessible to the public via a third party system.

According to the government, the leaks from the data.gov.uk domain, which is used to provide information on a range of government service functions for research and development purposes, were discovered as part of a routine security review.

Select users' names, e-mail addresses and hashed passwords were among the details thought to have been accessible.  However, this was found to have only impacted users who had signed up to the service op to June 20, 2015.  The issue has been also reported to UK data regulator, the Information Commissioner’s Office (ICO).

It is understood that GDS has only recently discovered the leak, which is believed not to have impacted the data.gov.uk service.

“There is no evidence of misuse of anyone’s credentials and users have been asked to reset their passwords purely as a precautionary measure,” said GDS.

The leak has been confirmed during the same week that the British Academy and Royal Society issued findings calling for a rethink of data governance and management in the UK to ensure public confidence in how the public sector shares information.

The report, entitled ‘Data Management and Use: Governance in the 21st Century’, looked at the current landscape around data usage. The findings noted how the collection and management of information and new ways of utilising it had created difficulties in understanding and defining what sort of data should be classed as sensitive, as opposed to information that can be made freely available.

The report said that while existing data governance bodies in the UK were mostly capable of meeting upcoming challenges, there were key gaps that needed to be addressed.

It therefore recommended a new independent body be established to work alongside existing organisations like the Information Commissioner’s Office (ICO) to steward data governance on a wider national level.  This would include monitoring and evaluating projects and data mechanisms needed for transforming public service delivery.








We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.