The information that was stolen has been published to the dark web.
Data stolen during a cyber-attack against a London council last year has been leaked online by the hackers liable for the attack.
Hackney council, which provides services for 280,000 residents in the UK capital, was hit by what was labeled a “serious” cyber-attack last October, taking many IT systems out of operation, with some still disrupted currently.
It now appears that the information that was stolen during the attack has been published to the dark web by the criminals, although the council said that only a limited set of data was at risk. According to the council’s latest update, the documents haven’t been leaked to a “widely available forum”, and aren’t visible through search engines on the web .
The Mayor of Hackney Philip Glanville said: “I fully understand and share the concern of residents and staff about any risk to their personal data, and we are working as quickly as possible with our partners to assess the info and take action, including informing people that are affected.”
“While we believe this publication won’t directly affect the overwhelming majority of Hackney’s residents and businesses, which will desire consolation , and that we are pitying the fear and upset this will cause them.”
While the bulk of sensitive and private information held by the council appears to be unaffected, Hackney council said that it’s working with the National Cyber Security Centre, the National Crime Agency, the knowledge Commissioner’s Office and therefore the Metropolitan Police to research what has been published exactly and assess which actions got to be taken.
Now several months after the attack happened, the exact nature of the intrusion is still unclear. The council has avoided disclosing details to form sure it doesn’t inadvertently assist the attackers.
Only legacy and non-cloud-based systems, such as making payments or approving licensing, have been affected, while newer services and systems linked to managing the Covid-19 pandemic have remained up-and-running.
Although many systems have since been fully or partially restored, the council has already said that it expects some services to remain unavailable or disrupted for the months to come.
Hackney council’s service status page still indicates that services are “significantly disrupted” due to a “serious cyber-attack”, and recommends that residents and businesses avoid contacting the council unless absolutely necessary.
For example, the council is currently unable to process applications for many sorts of licenses, to feature to the housing roll or for property tax reductions. Disruptions and delays to payment systems remain, as well as to claims for housing benefits. Voting preferences cannot be updated, and residents are currently unable to report noise complaints online.
Phone lines, however, remain open for essential help and emergency support.
“It is utterly deplorable that organised criminals chose last year to deliberately attack Hackney, damaging services and stealing from our borough, our staff, and our residents during this way, and all while we were in the middle of responding to a global pandemic,” said Glanville.
“Now four months on, at the beginning of a replacement year and as we are all responding to the second wave, they need decided to compound that attack and now release stolen data. Working with our partners we’ll do everything we will to assist bring them to justice.”
Last year also saw an attack on Redcar and Cleveland council in North East England, which affected 135,000 people and came at a price of quite £10 million ($13.5 million).