April the 7th a security patch was released in response to a new security loop hole for websites was discovered – the Heartbleed issue.
Amazingly one our Lib Dem volunteers after checking all our websites on the 8th then the checked Southwark Council website and email servers on the 9th and found they didn’t have this crucial software patch. Southwark Council have an awful lot of personal data from people registering with MySouthwark.
I immediately alerted Southwark Council officials first thing on the 10th.Half a day later officials responded that indeed they did have security holes and hoped to seal it that night on the 10th. They didn’t undertake the work until the 12th. We’ve avoiding speaking about this since to ensure Southwark have had time to fix everything.
Frankly it is shocking that for so many days Southwark Council exposed all its users and colleagues to this avoidable risk. It shouldn’t take Lib Dem volunteers to find this out and nudge you to fix such things. We should need to keep checking to make sure this essential work is completed.