Raglanites who have made submissions to Waikato District Council on proposed by-laws and council plans have had personal data hacked. WDC has emailed affected Raglan and Waikato residents to let them know that they may be receiving more spam and phishing emails. Phishing emails attempt to lure people into providing bank account, credit card and other passwords.
The hackers got their hands on Raglan residents’ information when they cracked the international Typeform database used by WDC on its website.
A Waikato District Council spokesperson said, “It is possible that your name and your email address may have been downloaded by the attacker, so we recommend that you watch out more carefully for potential phishing scams (where you receive an email that looks like it is from a legitimate company, such as a bank, and asks you to click on links or enter personal details) or spam emails to the email address you used for our consultation. We apologise that this happened and we are reviewing our use of these systems as a result.”
The apology came from the WDC’s Marketing & Communication Manager. Surely an apology for a serious data breach like this should have come from the council’s CEO. Perhaps an offer of free parking in Bow Street should have been offered as part of the apology.
The spokesperson added, “This data breach by Typeform does not present any wider risk to Council’s data or any other details.”
The same data breach affected residents who gave their views on Hamilton City Council, Waikato District Council, and Waipā District Council proposals.
Full copy of Waikato District Council email sent on 4th July 2018
Hello,
You are receiving this email because you participated in one of our consultations. We received a message that the provider of our consultation site (Typeform) had a data breach. This affected one (or more) of the consultation forms we sent out to customers.
Typeform reports that an external attacker managed to get unauthorized access to respondent data and downloaded it. We are informed that Typeform responded immediately and fixed the source of the breach to prevent any further intrusion.
It is possible that your name and your email address may have been downloaded by the attacker, so we recommend that you watch out more carefully for potential phishing scams (where you receive an email that looks like it is from a legitimate company, such as a bank, and asks you to click on links or enter personal details) or spam emails to the email address you used for our consultation.
We apologise that this happened and we are reviewing our use of these systems as a result. This is an unfortunate risk associated with the use of online platforms for public engagement and consultation. We will do all we can to minimise this risk.
Please note that this data breach by Typeform does not present any wider risk to Council’s data or any other details.
If you have any other questions, feel free to contact us via consult@waidc.govt.nz.
Once again, our apologies for this third party data breach.
Regards,
Marketing and Communications Manager
Waikato District Council
Te Kaunihera aa Takiwaa o Waikato