Posted: Thu 30th Jul 2020

Updated: Fri 31st Jul

Flintshire Council issues statement following “major data breach” after personal details of residents were exposed on its website

News and Info from Deeside, Flintshire, North Wales
This article is old - Published: Thursday, Jul 30th, 2020

Flintshire Council has issued a statement following what one Member of the Welsh Parliament has described as a “major data breach.”

The incident happened on Wednesday when the personal details of people who responded to a consultation were uploaded to the Local Development Plan (LDP) section on the council’s website and left exposed to the public.

The LDP, a key housing blueprint for Flintshire sets out locations where up to 7,000 new homes could be built in the county over the next decade whilst protecting key green spaces and parks from development.

Councillors agreed to put the LDP out to consultation in July last year.

Since then the council’s Planning Policy Service has been working remotely due to the coronavirus outbreak which has delayed the progress of the LDP.

Without an LDP in place, the community loses some protection against development.

The council said the names and addresses of individuals who have made responses to the LDP consultation were contained in a document and uploaded on Wednesday.

Those personal details “could be accessed for a period of several hours” following publication, the council has admitted. 

The statement said that personal details were “hidden from public view when the document was created, and could only have been uncovered with a conscious effort to remove that protection.”

The council said the software used to protect the details “was not adequate” and once the risk was known the documents were taken down.

“They have since been protected with different software.” The council said.

The statement goes onto to say: “Having checked our website visitor records we can see that only a few people accessed the document in this short period. Once we became aware of the problem we acted swiftly to correct the document and to prevent further access to the personal data.”

The council says it takes the issue of the security of personal information “extremely seriously” and has launched an investigation to find out how the personal details in the document were able to be accessed.

It hasn’t revealed how many names were left exposed on its website. 

Flintshire Council will now consider whether to refer itself to the Information Commissioner’s Office.

“The individuals whose details were included in the document will be contacted, and we are considering whether this matter needs to be reported to the Information Commissioner’s Office, with whom we maintain a positive and trusting working relationship.” The council said.

Welsh Conservative Shadow Minister for Local Government, Housing and Communities, Mark Isherwood MS, described the incident as a “major data breach”

“This GDPR breach is just the latest event in a saga that is Flintshire’s LDP.”

Spotted something? Got a story? Send a Facebook Message | A direct message on Twitter | Email:


“I couldn’t be more angry about this”: North Wales politicians react to new coronavirus “fire break” lockdown measures


Overnight roadworks closes section of A55 in Flintshire


Wales “fire-break” – Household waste collections not affected in Flintshire but tips will close


Blacon High School forced to close until November following number of Covid cases among teachers and pupils


Suspending parking charges in town centres was “right thing to do”, says Flintshire councillor


Police appeal for info after youths hurl racist and homophobic abuse at three young boys in Hawarden


Couple from Flintshire fundraising for family friend diagnosed with terminal cancer


Two week ‘fire break’ in Wales will destroy many pubs warns trade body


‘Nobody in any job deserves to have to endure abuse’: MP hits back over offensive comments on Facebook