The City of Port Phillip Council has accidentally published to data.gov.au personal information of an unknown number of residents who had reported graffiti, according to an article from ITNews supported by a statement released by the council.
According to the statement, during work to automate the generation of a graffiti dataset, an incorrect version was selected which led to the unapproved publication of personal information such as names, phone numbers and/or email addresses of the persons who reported graffiti to the council. As the article notes, of the approximately 764 email addresses and 859 phone numbers that were published, 53% of the email addresses belonged to businesses and 28% of the phone numbers were for landlines and 1300 numbers.
The council purportedly became aware of the breach on 5 October 2020, and following an internal investigation it was determined that the data breach started in March 2020. The council has indicated that the breach is being appropriately addressed by the organization and that all steps will be taken to ensure that future breaches of this nature do not occur.
A further concern for the council, however, was that in some instances, the property address used to identify the location of the graffiti could link to the relevant individual who reported the graffiti to that address. We understand that getting your fence “tagged” by graffiti is frustrating for residents of the council. However, perhaps the virtual “spraying” of the complainant’s phone number, email and in some cases addresses would represent a far more concerning matter.
We will keep you updated on any further developments.