School hacking
“We are sorry this has happened and want to reassure residents we take matters such as these seriously." iStock

A local council in the UK has come under fire after inadvertently publishing the names of 'hundreds' of people across South West London who received benefits payments from the government in recent months, leading to calls for an urgent investigation to be launched.

The leak, published on Sutton Council's website, allegedly listed the names and payments of recipients who had received allowances in May and June this year for disability, adoption, fostering, day care services and special needs education that amounted to more than £500.

A source told the Sutton Guardian newspaper: "The May and June data files were blocked and made unreadable on the council's website at about 11am today (17 July)."

The contact claimed the unredacted information had been online since at least 6 June. It remains unconfirmed how many people were impacted in the leak.

A council spokesperson told IBTimes UK: "Officers are still going through the documents to ascertain the total number of people affected. We are talking about a few hundred, rather than into the thousands."

A Sutton Council spokesman said: "Sutton Council was made aware of a potential data breach involving the inadvertent publication of the names of individuals in receipt of payments from the Council.

"No other personal information has been released. We immediately removed the data in question upon discovering this breach.

"As part of our agreed internal policies we are carrying out an investigation and are in contact with the Information Commissioner's Office (ICO). We will of course do everything we can to help the ICO should they wish to make further enquiries.

"We are sorry this has happened and want to reassure residents we take matters such as these seriously. We are reviewing our processes to take all steps necessary to avoid any instance such as this happening again."

'Vulnerable' victims impacted

Councillor Tim Crowley, leader of the Sutton Conservatives, said: "It is a very concerning development although I am sure this is a mistake rather than deliberate. The Data Protection Act is in place to protect most of the individuals who have been identified by this leak.

"They are, in the main, the most vulnerable members of the community and publishing this data could lead to those individuals being made to feel even more vulnerable and exposed.

"Today I will be calling on the CEO of Sutton, Niall Bolger, to launch an immediate inquiry into how this occurred and to put in place controls and processes that ensure that such a breach cannot happen again. I gather the ICO have been informed and they too will be launching an investigation."

Crowley made his comments to the Sutton Guardian. The ICO confirmed to IBTimes UK that the council had been in contact. The office is the UK's primary breach watchdog and has the power to issue fines of up to £500,000 to those found to have breached data protection laws.