UK: York council alerted that people’s personal info from council phone app was accessible to others

From YorkMix:

Hackers have obtained personal data belonging to users of York council’s environmental app, it has emerged this weekend.

City of York Council has contacted police and has permanently taken down its One Planet York app, following the data breach.

The app supported the council’s broader One Planet York programme, which seeks to reduce waste and improve the city’s environmental performance, but hackers contacted the council on November 1 to tell staff they had accessed users’ data.

Read more on York Mix. It’s not clear to me why the people who contacted the council to alert them are even being described by the news site as “hackers” without making clear that they appeared to be white hats or researchers. The report also says:

On 1 November 2018, a third party contacted the council and told us they had found a way to access personal data of those people who use the One Planet York app.

Revealed: Afghan data breach after MoD official left laptop open on train
Canada says hacktivists breached water and energy facilities
UK: FCA fines former employee of Virgin Media O2 for data protection breach
Former General Manager for U.S. Defense Contractor Pleads Guilty to Selling Stolen Trade Secrets to Russian Broker
China Amends Cybersecurity Law and Incident Reporting Regime to Address AI and Infrastructure Risks
Alan Turing institute launches new mission to protect UK from cyber-attacks

Related: