Government Data Website Suffers Security Breach

The government’s data.gov.uk website has suffered a security breach which has resulted in the leak of a database of usernames and email addresses.

The Government Digital Service (GDS) has informed the Information Commissioner’s Office (ICO) of the leak and is also telling users to change their passwords after the personal information was found on a public system during a routine review.

Speaking to the BBC, a GDS spokeswoman said the breach only affected data.gov.uk accounts and that people with accounts for other government sites had not been impacted.

Gov breach

The spokeswoman also confirmed that user’s names and addresses were not at risk of theft as the leak only affected email addresses, usernames and hashed passwords.

The GDS is making users change their passwords out of precaution as there is currently no evidence that the credentials have been misused, but has warned users to be cautious of opportunistic cyber criminals.

This security leak is the latest in several security incidents to have hit the UK government. Last weekend the British Parliament was hit by a “sustained and determined” cyber attack that targets MPs email accounts.

Security experts said such an attack had been “a matter of time”, coming just weeks after the NHS had been severely affected by the WannaCry ransomware virus that quickly spread to organisations around the world.

But it’s not just an issue affecting Britain. Earlier this month the US government accused North Korea of carrying out state-sponsored cyber attacks on American businesses and critical infrastructure, after Russia President Vladimir Putin denied similar accusations.

At the RSA security conference in February Microsoft President Brad Smith called for the world’s governments to join forces in the cyber battle but, with nation-state hacking seemingly on the rise, any such agreement feels a long way off.

Quiz: The triumph and the tragedy of public sector IT