York council app users hacked: Nearly 6,000 affected Published duration 20 November 2018

image caption City of York Council said it could not say what had happened to the data

Nearly 6,000 people may have had their personal data breached after a council app was hacked.

The One Planet York app was hacked by someone who found a way to access phone numbers, encrypted passwords and addresses of those using it.

The app allowed users to check bin collection dates and recycling advice.

City of York Council has written to users to say it "deeply regrets" the breach, and the matter has been reported to North Yorkshire Police.

It said it was contacted by a hacker who said they had found a way to access the data of people using the app. The council said it could not say what the person responsible had done with the information.

A letter from the council to app users reads: "We value your privacy and deeply regret this incident occurred.

"We have conducted a thorough review of the One Planet York app, we have deleted all links with the app and as a result, will no longer support it going forward.

"We have deleted it from our website and asked for it to be removed from the app stores and ask that you now delete it from your device.

image caption The One Planet York app is no longer available to download

"We cannot say for certain what the third party responsible has done with the data."

A council spokesman said 5,994 records were contained in the app and could have been breached.

Ian Floyd, deputy chief executive at the council, said: "On November 1 2018, a third party contacted the council and told us they had found a way to access personal data of those people who use the One Planet York app.

"The data accessed included personal information such as names, addresses, postcodes, email addresses and telephone numbers together with encrypted passwords.

"To our knowledge, the data accessed did not include any further sensitive information.

"In addition, the One Planet York is isolated from other council systems and therefore unable to access other personal data."