Sefton Council's taxi licensing system leaks taxi drivers data

On September 5, 2024, a data breach was discovered involving the Sefton Council's taxi licensing system, which leaked the full names and home addresses of licensed taxi drivers in the Merseyside area.

The data breach was brought to the attention of Sefton Council after drivers discovered their personal information had been published online. The breach appears to have affected thousands of taxi drivers licensed in the Sefton area, including drivers from private hire firms such as Delta and Uber. It is suspected that the exposed information has been accessible for up to five months, dating back to the launch of Sefton Council's new Taxi Licensing computer system in April 2024.

The breach occurred on Sefton Council's taxi licensing website, which inadvertently allowed users to access sensitive personal information. The website's search function enabled users to:

• Find the home address of any licensed driver by entering their name.
• Use a partial postal code (e.g., "L20") to reveal the full names and home addresses of all drivers within that area.

The exposed data included:

• Full names of licensed taxi drivers.
• Home addresses of these drivers.

The number of affected individuals is not disclosed and the council has not confirmed the exact timeline of the breach.

After being alerted to the breach, Sefton Council promptly removed the sensitive data from its website and issued a public apology to those affected.