City council says confidential documents shared online after cyber attack

4 April 2024, 12:34

A woman using a laptop
Cyber threat report. Picture: PA

Leicester City Council was targeted by hackers last month.

Leicester City Council has said confidential documents stolen from its servers in a cyber attack have been published online by hackers.

The unitary authority was targeted last month in an attack which forced it to close down its IT systems.

In an update on the incident, the council said it had been made aware that a ransomware group had posted “around 25” confidential documents online, including rent statements, applications to purchase council housing, and ID documents such as passport information.

It said it was “not able to say with certainty” whether other documents had been stolen during the cyber attack, but said it was “very possible that they have”.

It has been reported that the ransomware gang known as INC Ransom has claimed responsibility for the cyber attack and published the documents online – the same group which admitted carrying out a cyber attack on NHS Dumfries and Galloway last month.

Leicester City Council’s strategic director of city developments and neighbourhoods, Richard Sword, said: “We have today been made aware that a small number of documents held on our servers have been published by a known ransomware group.

“This group is known to have attacked a number of government, education and healthcare organisations.

“This relates to the cyber incident identified by the council on 7 March, which led to us closing down our IT systems.

“At the moment we are aware of around 25 or so confidential documents that have been published online. They include rent statements, applications to purchase council housing, and identification documents such as passport information.

“The breach of confidential information is a very serious matter and its publication is a criminal act. We are in the process of trying to contact all of those affected by this breach, and have also notified the Information Commissioner.

“We realise this will cause anxiety for those affected, and want to apologise for any distress caused.

“At this stage we are not able to say with certainty whether other documents have been extracted from our systems, however we believe it is very possible that they have.

“We are continuing to work with the cyber crime team at Leicestershire Police and the National Cyber Security Centre as part of this ongoing criminal investigation.

“As this is a live investigation we are not able to comment in further detail, but will continue to give updates when we have news to share.”

The council said most of its systems and phone lines are now back online following the attack, and there is no reason for concern about conducting business as usual.

Cyber security experts have urged other organisations to be vigilant in the wake of the attack.

Oliver Spence, chief executive of cybersecurity firm Cybaverse, said: “Given the UK Government has very publicly voiced its commitment to never do business with ransomware actors, it’s hard to imagine INC would be expecting a payout from these attacks.

“This could suggest the gang is motivated by damage, rather than money, which means more public bodies could be on its target list.

“Ransomware is today’s most damaging attack vector, so all organisations must work hard to improve their defences. Organisations must test their systems to identify vulnerabilities, so they can be patched and mitigated before they cause harm.

“They must train employees so they can spot malicious activity before they open emails or click on links. This includes phishing emails generated via AI. Employees must be taught to use caution consistently online, even when sites or emails look realistic.

“Furthermore, organisations need to manage their security more efficiently, so weaknesses can be more easily spotted.

“This can be achieved using tools which provide a unified view on their security posture, allowing teams to more easily spot weaknesses or vulnerabilities and then remediate them before they cause harm.”

By Press Association

More Technology News

See more More Technology News

A suited office worker passing a street sign for Parliament Street and Whitehall in Westminster

Civil Service ‘Humphrey’ AI tools aim to cut back spending and speed up work

The TikTok app logo displayed on a mobile phone screen

Cat videos not a security threat, says minister as he rules out UK TikTok ban

The ban is due to come into force on Sunday (James Manning/PA)

Don’t follow America with TikTok ban, says Alba MSP

The US Supreme Court rejected TikTok’s appeal and unanimously upheld the law banning the app (PA)

‘No plans’ for UK TikTok ban

TikTok content creators have blasted the Supreme Court's ruling to ban TikTok in the US

Content creator in the US compares the TikTok ban to 'prohibition' as others decry Supreme Court ruling

A UK licence card with the older paper counterpart

Ministers set to unveil plans for digital driving licences

TikTok logo on a black screen on a phone which is being held in front of a computer keyboard

British content creators call looming US TikTok ban ‘deeply unfair’

A mobile phone showing the TikTok app

Q&A: What does the future hold for TikTok?

TikTok has been banned in the US.

TikTok to be banned in the US from Sunday, Supreme Court rules

Apple artificial intelligence

Apple pauses AI-generated news alerts over inaccuracy issues

The Nintendo Switch console (Game/PA)The Nintendo Switch console (Game/PA)

Lisa Nandy reveals she has ‘put a lot of hours’ into video game Animal Crossing

Nintendo Switch 2

Nintendo Switch 2 to be released in 2025

A child using a mobile phone

Age verification to be required on any site hosting pornography, Ofcom says

A general view of Chat GPT website

ChatGPT users can now give it tasks to do in the future

A phone displaying the Twitter account for Elon Musk

Elon Musk sued by US markets regulator over Twitter stake disclosure

Elon Musk is being sued for failing to disclose his purchase of Twitter stocks before buying the company in 2022, which ‘allowed him to underpay’ by at least $150m (£123m).

US sues Musk for failing to disclose Twitter stock holdings to buy platform at ‘artificially low prices’