Posted: Thu 30th Jul 2020

Updated: Fri 31st Jul

Flintshire Council issues statement following “major data breach” after personal details of residents were exposed on its website

News and Info from Deeside, Flintshire, North Wales
This article is old - Published: Thursday, Jul 30th, 2020

Flintshire Council has issued a statement following what one Member of the Welsh Parliament has described as a “major data breach.”

The incident happened on Wednesday when the personal details of people who responded to a consultation were uploaded to the Local Development Plan (LDP) section on the council’s website and left exposed to the public.

The LDP, a key housing blueprint for Flintshire sets out locations where up to 7,000 new homes could be built in the county over the next decade whilst protecting key green spaces and parks from development.

Councillors agreed to put the LDP out to consultation in July last year.

Since then the council’s Planning Policy Service has been working remotely due to the coronavirus outbreak which has delayed the progress of the LDP.

Without an LDP in place, the community loses some protection against development.

The council said the names and addresses of individuals who have made responses to the LDP consultation were contained in a document and uploaded on Wednesday.

Those personal details “could be accessed for a period of several hours” following publication, the council has admitted. 

The statement said that personal details were “hidden from public view when the document was created, and could only have been uncovered with a conscious effort to remove that protection.”

The council said the software used to protect the details “was not adequate” and once the risk was known the documents were taken down.

“They have since been protected with different software.” The council said.

The statement goes onto to say: “Having checked our website visitor records we can see that only a few people accessed the document in this short period. Once we became aware of the problem we acted swiftly to correct the document and to prevent further access to the personal data.”

The council says it takes the issue of the security of personal information “extremely seriously” and has launched an investigation to find out how the personal details in the document were able to be accessed.

It hasn’t revealed how many names were left exposed on its website. 

Flintshire Council will now consider whether to refer itself to the Information Commissioner’s Office.

“The individuals whose details were included in the document will be contacted, and we are considering whether this matter needs to be reported to the Information Commissioner’s Office, with whom we maintain a positive and trusting working relationship.” The council said.

Welsh Conservative Shadow Minister for Local Government, Housing and Communities, Mark Isherwood MS, described the incident as a “major data breach”

“This GDPR breach is just the latest event in a saga that is Flintshire’s LDP.”

Spotted something? Got a story? Send a Facebook Message | A direct message on Twitter | Email:


Wales set for Alert Level Two on Monday – “By sticking with the rules and our successful vaccine programme, we are making really good progress”


Welsh Government reshuffle “New top team to lead Wales into a brighter future”


Planning for more than 350 homes on former RAF Sealand site submitted


Cycling and walking path between Deeside and Cheshire closed on Thursday for emergency repair work


Police investigating comment posted on social media following tragic death of a Blackpool youngster


Emergency services plea for public to “work with us, not against us” after rise in assaults on frontline workers


Asda launches national food drive calling on customers to help people struggling with food essentials


Mark Drakeford confirmed as First Minister by new Senedd


Cymru Knievels to set off on a 1,070 mile charity ride across North Wales later this month