The London borough of Hackney Council has this morning announced it was the victim of a major cyber-attack currently affecting its systems.
The attack happened on Tuesday morning (13th October), and at this stage it is unclear who caused the attack, what information has been stolen or the impact of the breach.
Mayor Phillip Glanville said in a statement that the attack is “affecting many of our services and IT systems,” and that investigations are at an early stage.
He said that the council is “working closely with the National Cyber Security Centre (NCSC), external experts and the Ministry of Housing, Communities and Local Government” to investigate the incident.
“This investigation is at an early stage, and limited information is currently available. We will continue to provide updates as our investigation progresses,” Glanville said.
“Our focus is on continuing to deliver essential frontline services, especially to our most vulnerable residents, and protecting data, while restoring affected services as soon as possible.
“In the meantime, some Council services may be unavailable or slower than normal, and our call centre is extremely busy. We ask that residents and businesses only contact us if absolutely necessary, and to bear with us while we seek to resolve these issues.”
In a comment to Sky News, an ICO spokesperson said: “People should be able to expect that their personal information is handled securely by any organisation. When it is not this can cause real distress – especially if it is sensitive information.”
Ransomware attacks are increasingly becoming a problem for organisations. Councils are particularly vulnerable as they hold information on millions of residents that could be accessed.
There have been several high-profile cyber attacks in 2020 alone, including the smartwatch firm Garmin, the attack on the Marriott Hotel, which is currently the third-largest data breach in history, and the ongoing Blackbaud hack.
- Open Up 2020 Challenge winners revealed
- Report reveals UK organisations need more consistent cyber resilience
- Leader Insights | The power of community with Alice Zagury, The Family
Blackbaud’s incident expanded beyond the initial attack on several Universities in the UK, Canada and the US, and began to affect several other organisations that used the cloud computing provider.
The Royal Zoological Society of Scotland (RZSS) and the National Trust were also targeted, as was the Bletchley Park Museum. Ongoing investigations have revealed that financial data may be stolen in the attacks, something the firm initially said was not the case.
Data from a cyber resilience report carried out by Accenture in September revealed that hackers target UK firms more often than their global counterparts, particularly during the pandemic.
Commenting on the report, Marshal Luusa, Accenture Scotland’s Security Practice lead, said: “Our research has uncovered some fundamental vulnerabilities still plaguing UK organisations.
“Trying to solve problems in isolation, particularly as businesses attempt to tackle the mounting pressures on their security teams as a result of the pandemic, further increases the risk.”