UK Government Reveals Personal Info During Consultation

The UK government just yesterday announced that it was opening up a 10-week consultation on proposed solutions to protect children from harmful content online. The Department for Education invited parents and the general public to sound off on the filter options that would see ISPs block porn and other harmful content unless the customer specifically said they didn't want such filters in place. However, it seems the DfE's consult has been taken offline after just one day because it was leaking people's personal information.

 

The Register was the first to report on the leak and writes that the Department for Education's website was exposing the email addresses, unencrypted passwords and sensitive answers of members of the public who filled in the survey and provided feedback.

"No URL manipulation was required," one reader told the Register. "Once I had completed the survey I simply clicked on the link to view my responses, and I was presented with another user's responses instead. I have reported this breach to the ICO [Information Commissioner's Office]."

The Register also contacted the DfE, and the site's Kelly Fiveash reports that their call was apparently the first the office had heard about the problem. The Department for Education has since shut down the consultation page, with a message declaring it's down for maintenance. The ICO commented in a statement that it had been made aware of the possible data breach and would be making inquiries about the incident.

Follow @JaneMcEntegart on Twitter.                      

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
10 comments
Comment from the forums
    Your comment
    Top Comments
  • Anonymous
    it should be illegal for any company to save unencrypted passwords anywhere
    10
  • Other Comments
  • kikireeki
    Upon that tragic incident I shall declare: LOL
    8
  • Anonymous
    Its ALWAYS for the kids huh?
    1
  • Anonymous
    it should be illegal for any company to save unencrypted passwords anywhere
    10