From YorkMix:
Hackers have obtained personal data belonging to users of York council’s environmental app, it has emerged this weekend.
City of York Council has contacted police and has permanently taken down its One Planet York app, following the data breach.
The app supported the council’s broader One Planet York programme, which seeks to reduce waste and improve the city’s environmental performance, but hackers contacted the council on November 1 to tell staff they had accessed users’ data.
Read more on York Mix. It’s not clear to me why the people who contacted the council to alert them are even being described by the news site as “hackers” without making clear that they appeared to be white hats or researchers. The report also says:
On 1 November 2018, a third party contacted the council and told us they had found a way to access personal data of those people who use the One Planet York app.