Anomaly in management tools could have allowed data to be visible and extracted.
Contact details of up to 200,000 may have been breached after a vulnerability was discovered in Neighbourhood Watch scheme management tools.
The police-backed alert system ‘In The Know’, used by Lancashire Police and Lancashire Fire & Rescue, is used to inform residents across Lancashire about recent crimes, safety advice and details of police events and operations.
It is possible that names, email addresses and telephone numbers were exposed. Chris Davis, managing director of In The Known operator VISAV said as soon as it became aware of the loophole, immediate action was taken to fix the issue.
"The anomaly was fixed immediately, and we decided to proactively and transparently notify every member of our system to inform them and provide guidance, including the 200,000 members that may have been impacted,” Davis told local news.
“We have also reported the issue to the regulator to support our own intensive investigation, launched with the support of external IT experts, and help prevent future risks.”
In an email to impacted members, Davis said there is no evidence that data was compromised, but acknowledged it could have been possible for a newly registered coordinator to inappropriately access the contact list of a scheme before it was approved.
He said: “We are confident that only a very small number of individuals accessed this information, and this was only to confirm the existence of the anomaly. We are working with the police to gather more information about these individuals and will update you on the developments.”
A spokesman for Lancashire Constabulary confirmed that no police databases were involved in the breach.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
