Personal details of around 1,400 disabled people, foster parents and carers were published online by mistake – leaving fraudsters free to abuse them for seven years.
West Sussex County Council accidentally left their details available online for years on end after issuing them their social care benefits, reports the Brighton Argus.
The council, based in Chichester, always releases details of any payments it makes over £100 – despite the Government only requiring them to report ones over £500.
But West Sussex failed to remove the names of the vulnerable people and their carers they had paid in error, leaving them on their website on an Excel spreadsheet.
West Sussex County Council left personal details of 1,400 vulnerable people online for seven after paying them their benefits. File image used
The authority has launched an investigation after the news came to light and claims the information was removed within ’29 hours’ of it being reported.
Watchdog the Information Commissioner’s Office has been informed and is also investigating.
A spokesman for West Sussex County Council said only the names of benefit claimants were published.
They told MailOnline: ‘As soon as the problem was reported to us, we removed the spreadsheet from the website in under 29 hours.
‘Although the spreadsheet contained transaction numbers and payment amounts, the only personal details recorded were names.
‘We would like to reassure residents that the spreadsheet did not contain any sensitive personal data which would put individuals at risk in the event that identification through data matching with alternative sources was carried out.’
The local authority is required to publish payments it makes over £500, but forgot to remove the data, breaching Government rules. Pictured is council leader Cllr Louise Goldsmith
The spokesman admitted fraudsters could have used the names for their own gain, saying: ‘We accept that persons seeking to identify individuals could do so in some cases by making additional checks through other data sources.
‘It is for that reason we removed the data.
‘As a local authority we are required to publish all expenditure data.
‘Our investigation is continuing and we will be carrying out further analysis of the data during this time closely following the guidance issued by the Information Commissioner’s Office.’
MailOnline has contacted ICO for comment.
The council has admitted the data could have been used to identify vulnerable people and removed it within 29 hours