Islington Council in North London is facing an investigation after it sent out emails to residents applying for parking bay suspensions demanding their full credit card details - tapped-in to a plain-text Microsoft Word application form.
The credit card details demanded by Islington Council included the main 16-digit number, expiry date and even the three-digit CVV code, together with full names and addresses - not only everything a credit card thief could possibly need to drain an applicant's account, but putting them at risk of identify theft, too.
The form has now been withdrawn and an internal investigation launched.
All the information a hacker would dream of having all packaged up in one relatively easy to access place
The email almost certainly breaks the General Data Protection Regulation (GDPR), which came into force last month, and could attract a large fine for Islington Council from the Information Commissioner's Office (ICO).
However, the nature of the communication also indicates a worrying lack of infrastructure at the Council for spinning up websites capable of securely taking payments for services, as well as a lack of understanding of basic security.
Rashmi Knowles, field chief technology officer for RSA Security wasn't impressed: "Asking for financial information in a plain-text word document is, frankly, shocking and the council should really know better.
"This is a serious breach of PCI [Payment Card Industry] security rules, and could potentially fall foul of GDPR as well. Not only has Islington Council asked for card numbers, but also the holder's name, start and expiry dates and even the security code on the back of the card.
"In short, all the information a hacker would dream of having all packaged up in one relatively easy to access place. This type of information should always be encrypted, otherwise, it is very easy for a hacker to obtain.
"People will often put a lot of trust in councils and assume they know best, but this is a good example of the need for us all to be vigilant. If you are ever asked to provide this kind of information, always stop to ask questions and never share such information if it is not encrypted, even if it is a trusted partner that is asking you to."
New light-guiding nanoscale device can control and monitor a nanoparticle trapped in a laser beam with high sensitivity
Optical traps are scientific instruments in which a focused laser beam is used to exert an attractive or repulsive force on a microscopic object to hold it in place
Scientists estimate that the exoplanet has already lost up to 35 per cent of its mass over its lifetime
The observations were made using the Atacama Array in the Chilean desert
J1043+2408 was observed for more than 10 years, and its radio light curve exhibited a periodic signal repeating in about 563 days