Leicester Council confirms ransomware attack
Hackers are now publishing stolen data
Leicester City Council has confirmed that a recent cyber incident targeting its systems was a ransomware attack, although the extent of the breach remains unclear.
The confirmation comes after the criminals responsible for the attack uploaded stolen documents to their dark web site, prompting concerns over data security and user privacy.
INC Ransom, the group that has claimed responsibility, is notorious for targeting various governmental, educational and healthcare institutions.
The council revealed on 3rd April that approximately 25 sensitive documents, including rent statements, council housing purchase applications and personal ID records such as passport information were among those leaked.
"The breach of confidential information is a very serious matter and its publication is a criminal act. We are in the process of trying to contact all of those affected by this breach, and have also notified the Information Commissioner," said Richard Sword, the council's strategic director.
While the exact extent of the breach remains uncertain, Sword acknowledged the possibility that additional documents may have been compromised.
The INC Ransom group, which claims to have extracted 3 terabytes of data from Leicester City Council, has also published a 'proof pack' on a data leak site.
While the majority of the council's systems and phone lines are now functioning normally, following a shutdown on 7th March when the attack was first detected, several critical services are still disrupted.
Emergency contact numbers were provided on the council's website as alternative means of communication, particularly for essential services like child protection, homelessness support and adult social care safeguarding.
The council has cautioned residents to remain vigilant and report any suspicious approaches from parties claiming to possess their data to Leicestershire Police. It says it is cooperating with law enforcement agencies, including Leicestershire Police and the National Cyber Security Centre, as part of the investigation.
The Information Commissioner's Office has also been notified of the breach.
"As this is a live investigation, we are not able to comment in further detail, but will continue to provide updates when we have news to share," Sword said.
INC Ransom's involvement in the cyber incident extends beyond Leicester, as the group has also claimed responsibility for an attack on NHS Dumfries and Galloway, part of the Scottish healthcare system.
"In the last two weeks it's become evident that INC ransom have clear intent when it comes to targeting local services, with Leicester Council joining the victim list alongside NHS Dumfries and Galloway," said Darren Williams, CEO and founder of security firm Blackfog.
Trevor Dearing, director of critical infrastructure at Illumio, said: "Local councils store a vast amount of personal data which can be used in the longer term to conduct further attacks as well as be sold on the dark web for a quick profit or used for identity fraud. So, the fact that passport details have been stolen is especially worrying.
"Attacks on the public sector show no signs of slowing down, but the sheer breadth of services local government must support means funding for cybersecurity will always be a challenge. The government should look to implement some of the recommendations in the recent parliamentary committee report on ransomware, especially on how respond to an incident. Ultimately local government should not have to choose between cyber security and social care."
Cyber threats are rising, and IT leaders need the latest information to stay ahead of the curve. Join us at the Cybersecurity Festival on 2nd May, where we bring together the most senior and influential voices from security leaders throughout the UK. Click here to secure your free place.