District businesses could be at risk of fraudulent activity after Harrogate Borough Council warned of a possible data breach.

The Stray Ferret has seen an email sent by the council’s Revenues Welfare and Customer Services department encouraging businesses to to monitor any suspicious financial transactions.

The extent of the breach is unknown, but the email said an online form had been used to try to apply for a restart grant against local business rates accounts.

One business owner, who wishes to stay anonymous, said the email did not give full details of exactly what information had been stolen, or how.

The source said they had already received two phishing emails before the council contacted them about the issue this afternoon:

“I’m shocked and it’s disturbing at what they could know. I’m concerned my banking details may have been seen because why else would [the council] tell us to monitor our banks?

“I’ve read it that someone has tried to take out a grant in my [business name]. They have to have got this information from somewhere.

“I don’t think the council is telling us everything, I think they are trying to water it down.”

Read more:

• Developer says it will seek full legal costs if the Wetherby Road drive-thru plan is approved by the planning inspectorate
• Harrogate Convention Centre events still go ahead despite lockdown delay

In hopes of protecting firms, the council said it had closed the affected business rates accounts and updated the online form, which is usually automatically filled with elements of a company’s details.

The business owner said they have been told not to call the council but instead send any complaints via email. They have already reported the incident to the Information Commissioner’s Office.

They said they had been told 440 businesses had been affected, but The Stray Ferret was unable to substantiate that number.

A council spokesman said:

“We have been made aware that an online form, used in relation to restart grants, has been used fraudulently.

“When attempts were made, information – including some that could be available via the Valuation Office Agency or Companies House – may have been auto-populated.

“As soon as this was discovered, we updated the online form to stop it from happening and ensured all information was secure.

“As a further precautionary step we have closed all affected existing business rates accounts and created new ones.

“Affected businesses do not need to take any further action – but should remain vigilant – and will receive confirmation of their new business rate account number in the post shortly.

“We’d like to apologise for any inconvenience this has caused and would like to reassure businesses that no bank details have been shared.

“When processing restart grants we have a number of additional checks in place that prevent people from receiving any government grants that they have tried to claim fraudulently.”