Merseyside taxis drivers left 'totally exposed' after 'massive' data leak

Generic photo of taxis queuing at a taxi rank
-Credit: (Image: Reach Publishing Services Limited)


Taxi drivers licensed in one area of Merseyside have been left feeling 'totally exposed' after a 'massive' data leak resulted in their full names and home addresses being published online. The information breach was brought to Sefton Council's attention earlier this week and has now been rectified, but not before the borough's licensed drivers had their personal information publicly disclosed.

Sefton council has an information resource which includes businesses addresses for companies such as private hire taxi firms such as Delta and Uber. In addition to this, the local authority implemented a new Taxi Licensing computer system which went live in April this year and allowed new and existing taxi drivers to apply for operating licenses in the borough.

As the data breach was discovered on Thursday September 5, it's possible the personal information and home addresses of thousands of taxi drivers has been available online for the last five months. The ECHO put this question to Sefton Council but no confirmation of timescale was confirmed.

READ MORE: 'Rumours’ circulate about The Strand as Bootle set for transformation

READ MORE: Grieving mum upset at 'rollercoaster of potholes' on way to daughter's grave

A spokesperson for Sefton Council said: “We were made aware of an issue on our taxi licensing website that meant personal information of some of our taxi drivers could be viewed by users. As soon as this issue was identified, the information was removed."

This is little comfort to people like John McAteer who is a registered and licensed driver working in Sefton. John was made aware of the data breach when his friend and colleague alerted him to the problem. He said: "I have a law degree so loads of drivers come to me looking for general advice so one of my friends messaged me asking about a possible data leak and said it looked like everyone's name and address had been published on the Sefton Council website.

"So I went to the website straight away and couldn't believe my eyes! There it was, my name and address and the name and addresses of other drivers I knew. My first thought was for female taxi drivers and some stalker knowing their address. The scope for damage is huge. Massive.

"I contacted the council straight away because I knew what a serious breach it was and it had left us as drivers totally and fully exposed. No one can tell us how long our personal information was up for.

Like every other organisation, Sefton Council have a stipulated data protection policy which confirms their obligation to keep all personal information private. However, it is clear there has been a breach of this policy and the potential ramifications are cause for huge concern for John and his colleagues.

According to a report by Norton Security, fraudsters can use an individual's address to target them with phishing scams through physical mail, send fake bills, pretend to be a government agency and demand money or devise other scenarios to trick people into sending money or information.

John added: "It's not just the possibility of scams either. I'm a taxi driver and sometimes we can get unruly customers who become aggressive and offensive.

The thought of people like that having the home address of me and my family is causing me a great deal of anxiety to say the least. It has made me feel very vulnerable and exposed. I'm wondering whether there's people who I may have had arguments in the past turning up at my door. It's just madness."

Companies like SoftOrbits, founded by Eugene Ustinenkov, develop tools that can help companies encrypt and restrict access to data.

Hannes Jansen from SoftOrbits emphasised: "Data security is an ongoing process, but with the right tools and protocols in place, healthcare organisations can minimise the risk of breaches and protect patient confidentiality."

The ECHO has seen screen grabs and recordings taken from Sefton Council's licensing portal and can confirm individuals names and addresses were visible. Furthermore, the search function not only allowed you to find the home address of drivers using their name, but a post code search of the first three digits e.g. L20 would reveal the full names and home addresses of all Sefton licensed drivers living in that area.

The spokesperson for Sefton Council added: “[We] would like to apologise to anyone affected by this.

"We are currently carrying out an urgent investigation with our provider to understand how this incident occurred and steps that need to be taken to prevent it happening again.”