Thank you for contacting the FOI Team.

This is confirmation that we have received your email. You should receive
a further acknowledgment shortly with a reference number.

Grab a copy of Your Brent Spring issue from any Brent Library or download
at [1]www.brent.gov.uk/yourbrent

[2][IMG]

══════════════════════════════════════════════════════════════════════════

The use of Brent Council's e-mail system may be monitored and
communications read in order to secure effective operation of the system
and other lawful purposes.

References

Visible links
1. https://www.brent.gov.uk/yourbrent?page=...
2. https://www.brent.gov.uk/yourbrent?page=...

Tel: 020 89371234
[1]brentlogo1 (227×84)   Email: [email address]
Web: [2]https://www.brent.gov.uk/your-council

Dear Jamie Dixon 

RE: Council data breaches since 2020 

Thank you for contacting the council on 29/02/2024.

Your case will be assigned to an officer and you should receive their
details soon.

Please use this reference number IRC-43185-T6Q9W8 when contacting us about
this case.

Please note that we may require further information in order for us to
proceed, in which case we will contact you. 

If you would like further information on how your case will be dealt with,
please visit our website: [3]https://www.brent.gov.uk/your-council 

Yours sincerely 
London Borough of Brent

Grab a copy of Your Brent Spring issue from any Brent Library or download
at [4]www.brent.gov.uk/yourbrent

[5][IMG]

══════════════════════════════════════════════════════════════════════════

The use of Brent Council's e-mail system may be monitored and
communications read in order to secure effective operation of the system
and other lawful purposes.

References

Visible links
2. https://www.brent.gov.uk/your-council
3. https://www.brent.gov.uk/your-council
4. https://www.brent.gov.uk/yourbrent?page=...
5. https://www.brent.gov.uk/yourbrent?page=...

 
[1]brentlogo1 (227×84)    
 

28 March 2024
 
 
Our Ref: IRC-43185-T6Q9W8

Dear Jamie Dixon

Freedom of Information Act 2000

Thank you for your information request received on 29/02/2024. This
request is being handled under the Freedom of Information Act 2000.

Your  request and our responses are set out below: 

Under the Freedom of Information Act, I would like to request the
following information.
- The number of data breaches your council has been victim to in the 2020,
2021, 2022 and 2023 calendar years.
 
Response:
 

Created Date 2020
   
Row Labels Count of Incident Type Name
Card Payment (PCI Breach) 2
Denial of Service Attack 1
Disclosed in Error 38
Loss/Theft 8
Sent to Wrong Recipient (Post or email) 21
System Misuse 2
Unauthorized Alteration 1
Unauthorized Disclosure of Information 10
Wrong Recipient 37
Grand Total 120

Created Date 2021
   
Row Labels Count of Incident Type Name
Denial of Service Attack 2
Disclosed in Error 24
Loss/Theft 1
Network Scanning/Probing 1
Sent to Wrong Recipient (Post or email) 33
Unauthorized Disclosure of Information 16
Grand Total 77

Created Date 2022
   
Row Labels Count of Incident Type Name
Card Payment (PCI Breach) 2
Disclosed in Error 31
Loss/Theft 1
Sent to Wrong Recipient (Post or email) 33
Unauthorized Disclosure of Information 7
Grand Total 74

Created Date 2023
   
Row Labels Count of Incident Type Name
Disclosed in Error 39
Loss/Theft 2
Sent to Wrong Recipient (Post or email) 55
System Misuse 1
Unauthorized Disclosure of Information 6
User Account Compromise 1
Grand Total 104

 
- How many people were affected by each data breach.
 
Response: From our preliminary assessment, we have estimated that it will
cost more than the 'appropriate limit' to consider your request.
Section 12 of the Freedom of Information Act 2000 (FOIA) makes provision
for public authorities to refuse requests for information where the cost
of dealing with them would exceed the appropriate limit, which for this
authority is £450. This represents the estimated cost of one person
spending 18 hours, at a cost of £25 per hour,  in determining whether the
department holds the information, locating, retrieving and extracting the
information.
This constitutes a refusal notice under Section 17 of the Freedom of
Information Act for this part of your request.
 
A  means a breach of security leading to the accidental or unlawful
destruction, loss, alteration, unauthorised disclosure of, or access to,
personal data. This means that a breach is more than just losing personal
data.
- Malware attack
- Phishing attack
- Brute force attack
- SQL injection attack
- Business Email Compromise (BEC)
- Stolen information

If you are dissatisfied with the way in which your request has been
handled or the outcome, you may request an internal review within two
calendar months of the date of this response by writing to the following
address:

Freedom of Information
Brent Civic Centre
Engineers Way
Wembley
HA9 0FJ

[2][email address]

If you remain dissatisfied with the handling of your request or internal
review, you have a right to appeal directly to the Information
Commissioner for a decision. The Information Commissioner can be
contacted at:

The Information Commissioner's Office, Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF. Phone: 0303 123 1113

Website: [3]www.ico.org.uk

I will now close your request as of this date. 

 
Yours sincerely 
 
 
 
Dorothy Watson
FOI Lead Officer

══════════════════════════════════════════════════════════════════════════

The use of Brent Council's e-mail system may be monitored and
communications read in order to secure effective operation of the system
and other lawful purposes.

References

Visible links
2. mailto:[email address]
3. http://www.ico.org.uk/