The Byron Shire Council says it’s engaged the NSW state government’s Cyber Incident Response team for help investigating a data breach on its development application cyber tracker.
A council statement on Friday described ‘some internal development related documents being viewable on the DA Tracker public web portal’.
The portal allows users to track the progress of development applications.
The privacy leak happened as part of an upgrade on 24 April, the statement read.
Byron Shire Council Manager of Business Systems and Technology Colin Baker was quoted saying access to the portal was temporarily suspended once the council became aware of the issue.
10,000 docs exposed for five days online
Speaking to The Echo on Monday, Mr Baker said it was a member of the public who first notified the council of the data leak, five days after the upgrade.
The internal documents were reportedly removed on 29 April.
‘We know that there’s just over 10,000 internal development related documents that were exposed on the public website for a period of five days,’ Mr Baker said.
‘We’re working our way through those documents to understand exactly what content they contain,’ he said, ‘and the impacts that may have for the residents, potentially’.
‘Personally identifiable information, such as an email address and mobile number, is our greatest concern at present,’ he said.
‘Human error’ leads to private details, internal reports published online
Mr Baker said the council was contacting anyone directly impacted, and following other mandatory reporting requirements, but anyone concerned was invited to call him directly on 02 6626 7347.
Public submissions on developments had been leaked, Mr Baker told The Echo, that included personal email address and telephone numbers.
‘There’s also internal staff correspondence and reports that are for internal use only,’ Mr Baker said, ‘and there’s consultant reports that can be confidential’.
Human error had led to the incident, he said, but an incident report with recommendations was being reviewed.
‘We’ve already conducted an internal review of the process was followed,’ Mr Baker said, ‘I’ve received that report and there’s recommendations on what we need to put in place so that doesn’t happen in the future’.
Mr Baker said the ‘key improvement area’ was better quality control and risk management, with more thorough testing of future upgrades.