NORTH Yorkshire County Council (NYCC) had 259 data breaches from September 2021 to September 2022. 

The number of data breaches was revealed by a freedom of information request submitted to the county council on November 30, 2022.

There were 66 data breaches from October to December 2021, 72 from January to March 2022, 59 from April to June 2022, and 62 from July to September.

NYCC defines a data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.”

READ MORE: Tree trail to remember those who lost their lives to Covid in North Yorkshire

A spokesperson for the county council was unable to say the type of data that had been lost or stolen - or confirm if any had been at all.

Cllr David Chance, executive member for corporate services at NYCC said he had not received a breakdown of the data breaches, but “suspected they are relatively minor and down to human error, given the number of cyber-attacks, phishing emails and trojans”, which are blocked daily.

York Press: Cllr David ChanceCllr David Chance (Image: Supplied)

In answer to what is being done about these breaches, a NYCC spokesperson said the council has mandatory cyber security training in place for staff and regularly sends out newsletters and updates on the matter.

Cllr Chance added: “Every data breach is assessed for its risk to the data subjects, the SIRO (Senior Information Risk Owner) is alerted, and the responsible service area makes mitigations to reduce the risk of that data breach re-occurring or reduce the risks if it does reoccur.

'Extremely difficult' for training to cover all issues 

He said that every case is different so it would be “extremely difficult” to provide training covering all of the breaches, but did suggest key areas for training.

These include adapting processes to reduce personal data being transmitted, adopting “file naming conventions” so it is easier to identify correct files, and disabling email address autofill.

READ MORE: BBC viewers say ending of Happy Valley was 'rushed' with storylines unresolved

Cllr Chance explained that training using a Boxphish training package has been sent out to users, but “is not mandatory”.

At present, he said the council is “seeing around 43 per cent (22,259) of users completing the courses”.

Five laptops and one tablet lost or stolen

The FOI request also revealed that from September 2021 to September 2022 there had been five laptops and one tablet lost or stolen from NYCC – all of which were encrypted and password protected.

The county council spokesperson said the cost of replacing this equipment was £3,964.64 and was paid from the council’s IT hardware budget.

York Press: From September 2021 to September 2022 there had been five laptops and one tablet lost or stolen from NYCCFrom September 2021 to September 2022 there had been five laptops and one tablet lost or stolen from NYCC (Image: Pixabay)

Cllr Chance said: “Given that we have over 15000 employees I consider that the loss/theft of equipment is within acceptable parameters, though we should strive for no loss at all.

“I am not aware that the loss of these pieces of kit was responsible for any data loss.

READ NEXT: Retailer to close two North Yorkshire stores

“Access to hard drives is restricted to necessary use and all drives are segmented accordingly.”

The FOI request further revealed that the county council does not have an existing cyber insurance policy in place.