Redcar and Cleveland Borough Council has admitted that it is still struggling to resume services after being hit by a ransomware attack three weeks ago.
The malware infected its systems in early February with cybercriminals demanding money to restore them, potentially delaying offers of school places to children and putting public data at risk.
The council said it was “prioritising front-line services” after the attack and has built a new server and website, and created a temporary call centre to deal with complaints.
The council says it has been working with the National Cyber Security Centre and the National Crime Agency to determine who was responsible for the data breach.
Council leader Mary Lanigan told the BBC: “Significant progress has been made. All front-line services have continued, payments continue to be processed as normal, and there is no evidence so far to suggest any personal information has been removed from our servers.
“However, it may be some time before our IT capabilities are fully restored, which may mean frustration for the public in dealing with us administratively.”
Although the hack may delay the informing of parents and carers of school places, Lanigan said that the allocation of places would not be affected and that it expected primary admissions would be made on time.
She added: “As a council, we have always taken cybersecurity seriously, and we will continue to engage with the relevant authorities to ensure our systems are as secure as possible in the future.”
- FanDuel Founders and Former Employees to Sue Over ‘Rigged’ Deal
- Facebook Cracks Down on False Coronavirus ‘Cure’ Ads
- Police Must Prioritise Child Sexual Abuse Online Say Gov Inspectors
There were calls at the time of the initial attack of a serious review into the circumstances of the attack. Independent member Colin Monson described it as a “serious disaster”.
At a meeting of the council’s Governance Committee at the time, Monson said: “I think this history of what has happened over the last couple of days is a clear indication that disaster recovery systems across the authority need a serious review. This is a serious disaster, not just a little upset.”