Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts

2021-03-23 11:08

Bulk SMS messages sent by local councils across the UK contained weblinks leading to pages that freely exposed to the public thousands of taxpayers' names, addresses, and outstanding debts, The Register can reveal.

Text messages sent by Telsolutions Ltd on behalf of a dozen local authorities contained shortlinks to webpages urging council tax defaulters to pay up - and in a dozen cases seen by The Register there was little or no authentication protecting personal data from prying eyes.

Faced with defaulters, councils have turned to text messages for chasing those who haven't paid on time.

We counted 14 councils using the system, of which just under a dozen were exposing personal data with few or no meaningful controls.

Councils responsible for the personal data exposure were hardly apologetic when The Register asked what they had to say for themselves.

Coventry City Council told us: "Telsolutions is used by a number of local authorities and throughout the debt recovery industry. Telsolutions confirm that late in 2020 they discovered an issue with their system which potentially enabled people to access details about council tax payers even if they were not the recipient of such a reminder. In order to access the information a person would need to obtain the postcode for the intended recipient."

News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/23/council_tax_texts_exposure/

#online