Data stolen in cyber attack on London local authority ‘has been published’

Criminals responsible for a cyber attack on Hackney Council’s  IT systems have now published some of the stolen data, according to the London borough.

The council yesterday provided an update on the investigation into the October attack, which caused widespread disruption to public services.

In a statement, it said some of the stolen data has been published online, but is not available on a “widely available public forum” and is not visible through search engines.

The council has not made it clear at this stage what types of data have been published, but a council spokesperson said experts believed it is a “limited” amount.

“At this stage, it appears that the vast majority of the sensitive or personal information held by the council is unaffected, but the council and its partners are reviewing the data carefully and will support any directly affected people,” he said.

Philip Glanville, the mayor of Hackney, said the council and its partners are working as quickly as possible to assess the data released and take action, including informing those who are affected. The council is working with the National Cyber Security Centre, National Crime Agency, Information Commissioner’s Office and the Metropolitan Police.

As PrivSec Report noted last year, the Hackney incident is just the latest in a series of major cyber breaches affecting local government in the UK.

Since last year, Hull City Council has suffered 10 serious cyber-attacks, while an a ransomware attack on Redcar & Cleveland Borough Council last February left 135,000 residents without online public services for a week.

The IBM X-Threat Intelligence Index 2020 noted that attacks on government have increased, with local government targeted specifically.

It said: “Municipal governments have particularly come under attack in recent years, as cybercriminals seek to collect extortion money from organizations that are less likely to be as secure as those in the private sector.”

“Attacks on these types of organizations often caught them unprepared to respond, more likely to pay a ransom, and in some cases under extreme stress to recover from the attack due to threat to public safety and human life.” Government is now the sixth most targeted area, according to the index.

The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.