Data stolen from Hackney Council during a major cyber-attack last year has been published online, the local authority has revealed.
Cybersecurity experts assisting the Borough Council revealed that a ‘limited set’ of data has been released.
The local authority noted that this data is not visible through search engines on the internet. This means that the stolen data has likely been published on dark web forums; a popular tactic among cybercriminals and hackers.
“At this stage, it appears that the vast majority of the sensitive or personal information held by the Council is unaffected, but the Council and its partners are reviewing the data carefully and will support any directly affected people,” the Council said in a statement.
Commenting on the incident, Hackney Mayor Philip Glanville said: “It is utterly deplorable that organised criminals chose last year to deliberately attack Hackney, damaging services and stealing from our borough, our staff, and our residents in this way, and all while we were in the middle of responding to a global pandemic.”
Please find an update on Oct’s cyberattack & depressing news that we’ve been made aware data stolen has been published by the organised criminals responsible for the attack. It leaves us all clearly angry that they have continued the attack us in this way.https://t.co/xkLrZVxhdK
— Mayor of Hackney (@mayorofhackney) January 7, 2021
Glanville said the council is now working closely with partners to assess the leaked data and to take action. This will include informing individuals who have had personal information stolen, he revealed.
Council staff are also working alongside the National Cyber Security Centre (NCSC), National Crime Agency (NCA) and the Information Commissioner’s Office to thoroughly investigate the incident.
Mayor Glanville conceded that while details are still yet to emerge regarding the type of data lost, the incident is a serious cause for concern.
“While we believe this publication will not directly affect the vast majority of Hackney’s residents and businesses, that can feel like cold comfort, and we are sorry for the worry and upset this will cause them,” Glanville said.
Patrick Arben, partner at law firm Gowling WLG, said the incident could significantly harm the local authority’s reputation and lead to a painstaking wait for residents potentially affected.
“Hopefully any loss of personal data will prove to be minimal. That said, clearly these types of attack cause reputational harm to the organisation affected and potential distress to customers and service users whilst they wait to discover whether their personal data has been compromised,” he said.
- British Airways data breach settlement could cost £2.4bn
- Scrap mobile data caps for education websites, BCS says
- Donald Trump sees social media accounts locked after Washington protest
Hackney Borough Council was hit by a devastating cyber-attack in October last year. The incident led to IT outages that lasted several weeks and affected thousands of residents, staff and impacted public services.
In particular, residents were hugely disrupted when the rent and service charge payment portal was taken out of action. After more than one month, the portal was still unavailable for residents.
Hackney Council was not the only local authority targeted in 2020. In February, Redcar and Cleveland Borough Council was hit by a ransomware attack which has since cost the local authority more than £10 million.
Carl Wearn, Head of E-Crime at Mimecast warned that cyber attacks against local authorities in the past year pose a serious risk to public services and citizen data.
“The continued and increasing number of cyber-attacks on public sector organisations such as Hackney Council is a growing cause for concern. Especially considering the public sector impacts so many lives and often holds sensitive personal data for millions of people,” he said.
“This makes the public sector a prime target for cybercriminals as attacks such as this can present significant consequences for society. The public sector relies on their reputation to gain the trust of the public to operate efficiently to successfully achieve running a town, region, or country with often limited budgets – which have been further squeezed due the pandemic,” Wearn added.