The City of Port Phillip has admitted accidentally publishing personal information on the data.gov.au website.

The data related to people who reported instances of graffiti to council. Their name, phone number and/or email address was exposed and, in some instances, the property address used to identify the location of the graffiti linked the person reporting the graffiti to that address.

According to an announcement on the Council Web site, it became aware of the breach on 5 October 2020 and in response conducted an internal investigation. It was determined that the data breach started in March 2020. The dataset was immediately suspended from the data.gov.au website at 8.45 am on 5 October 2020, to prevent any further views/downloads.

“Council has endeavoured to directly contact any persons affected by this breach via email.

“The initial published Graffiti dataset was correct and did not contain any personal details. However, during work to automate the generation of the Graffiti dataset, an incorrect version was selected. The accidental error led to the unapproved publication to the data.gov.au website. As the data was open to the public, Council is not able to confirm who has accessed the data.”

The council says the process for publishing open data has now been updated to include peer review and sign off prior to publishing.

“The automated generation of data has also been updated to only include information that relates to the location of the graffiti (street number, street name, suburb, post code and date submitted).”