City of Port Phillip leaks personal details in blunder

By on
City of Port Phillip leaks personal details in blunder

Incorrect graffiti reporter dataset online for seven months.

An unknown number of residents who reported graffiti to a Melbourne-based council have had their personal information inadvertently published on the federal government’s open data portal.

The City of Port Phillip council revealed the data breach on Wednesday, saying that names, phone numbers and email addresses were disclosed in its graffiti management dataset on

Property addresses “used to identify the location of the graffiti” were also accidently release “in some instances”, which the council said “may link the person reporting the graffiti to that address”.

The data was publicly accessible on - which contains more than 30,000 anonymised datasets - for seven months before it was taken down at the beginning of October.

“Council became aware of the breach on 5 October 2020 and in response conducted an internal investigation,” the council said.

“It was determined that the data breach started in March 2020.

“The dataset was immediately suspended from the website at 8.45 am on 5 October 2020, to prevent any further views/downloads.

“Council has endeavoured to directly contact any persons affected by this breach via email.”

A spokesperson told iTnews that "approximately 764 email addresses and 859 phone numbers were published", of which "53 percent of email addresses belonged to businesses and 28 percent of phone numbers were for landlines or 1300 numbers".

“For transparency, and because we take the protection of personal information very seriously, we reported all of these to the Office of the Victorian Information Commissioner,” the spokesperson added.

The council said the incorrect dataset was selected “during work to automate the generation of the graffiti dataset” and then accidentally approved for publication on

“As the data was open to the public, Council is not able to confirm who has accessed the data,” it added.

As a result of the accidental disclosure, the council said it had updated the process for publishing open data, and now included a “peer review and sign-off prior to publishing”.

It has also updated “automated generation of data”, so to include only “information that relates to the location of graffiti (street number, street name, suburb, postcode and date submitted)”.

“Council sincerely apologises for the disclosure of personal information and for any distress and inconvenience this may cause,” it said.

“Council regards the protection of personal information to be of great importance and makes every effort to safeguard personal information under its control.

“Council assures that this breach is being appropriately addressed by the organisation, and all endeavours will be undertaken to ensure that future breaches of this nature do not occur.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?