Credit cards blunder 'due to human error'

Nov 7 2007 by Paul James, The Journal

COUNCIL staff responsible for leaking the details of 54,000 credit and debit cards have escaped disciplinary action, it emerged last night.

The blunder saw details of payments saved on the wrong computer server at Newcastle Civic Centre, and totaled about 1.5m account records and 2m transactions.

They were later downloaded to a computer that has been traced to the Middle East, sparking a police investigation.

But yesterday Newcastle Council said the mistake in July was down to “human error” and that and that there was no conspiracy or intent from any employee to commit fraud.

There has been just one complaint to the council, and police investigators said they were happy nobody in Newcastle had lost money because of the security breach.

In a report to tonight’s (WED) meeting of the full council, Coun Peter Allen, who has responsibility for the council’s resources portfolio, said civic centre chiefs were happy they can “continue to receive payments with confidence”.

The payments concerned were made over the counter at the civic centre and the city’s customer service centres for council tax, rent, business rates and parking fines between April 2006 and February 2007.

The mistake came to light on July 19 after the council hired experts to see if they could crack its systems.

Their tests revealed that the encrypted file had been wrongly placed on an insecure server and subsequently uploaded to a computer address registered outside the country. The server was immediately closed down and independent security experts called in to help the council’s investigation.

In his report to fellow councillors, Coun Allen said: “To date, there has been one complaint to the council, and no confirmed cases of any fraud or loss attributable to the breach.

“Having briefed front line staff on the situation so they can speak with authority to members of the public raising the issue, some 70 people have asked about the matter - albeit none of these people complaining or suggesting that they had suffered loss as a result.

“The chief executive assured members that it is now clear that the original inappropriate release followed human error, and that there was no conspiracy or intent to defraud.

“The council is confident that the measures now in place make our systems properly robust so that we can continue to receive payments with confidence.”

Police said last night they were happy there have been “no losses or fraud” but have not finished their investigation.

At the time the leak was made public they said officers were “inquiring as to whether there have been any criminal actions by a third party”.

Last night a council spokesman said: “No action has been taken against any member of staff in relation to this error.”

But Nick Forbes, leader of the council’s opposition Labour group, said: “I don’t think that’s good enough. People need to know that the system is safe.

“It was either an individual error or system failure. Either way there should be change as a result but taking no action is abdicating responsibility.”

Detective Inspector Phil Butler, from Northumbria Police’s economic crime unit, said: “We have worked very closely with the council's internal audit department and had their full co-operation with this matter. We are satisfied there are no losses or fraud as a result.”