In what is becoming an all too frequent occurrence Newcastle City Council has admitted it accidentally exposed up to 54,000 credit and debit card details by posting them on an externally-accessible IT system.

The card details related to transactions made between February 2006 and April 2007, including payments of council tax, business rates, parking fines and rent. In a statement, the council said the information exposed was in an encrypted file and included names, addresses and credit card numbers.

No details of either PIN numbers or security code numbers were included in the file, says the council. There is no indication that any of the card numbers have been used fraudulently.

The vulnerability was revealed during a security audit, in which it was discovered an encrypted file containing the information had been wrongly placed on an insecure server and subsequently uploaded to a computer address registered outside the country.

Newcastle’s discovery is the latest in a string of security breaches in which extremely valuable or sensitive private data has been exposed.

Under the new Payment Card Industry standards, organisations that suffer credit card data breaches due to negligence or poor IT security will be fined or debarred from transacting credit cards entirely.