Experts react to Leicester City Council cyberattack

Experts react to Leicester City Council cyberattack

Leicester City Council has confirmed it has been the victim of a cyberattack.

“We have today been made aware that a small number of documents held on our servers have been published by a known ransomware group,” said Richard Sword, Leicester City Council’s Strategic Director of City Developments and Neighbourhoods.

“This group is known to have attacked a number of government, education and healthcare organisations.

“This relates to the cyberincident identified by the council on March 7, which led to us closing down our IT systems.

“At the moment we are aware of around 25 or so confidential documents that have been published online. They include rent statements, applications to purchase council housing and identification documents such as passport information.

“The breach of confidential information is a very serious matter and its publication is a criminal act. We are in the process of trying to contact all of those affected by this breach and have also notified the Information Commissioner.

“We realise this will cause anxiety for those affected and want to apologise for any distress caused.

“At this stage we are not able to say with certainty whether other documents have been extracted from our systems, however we believe it is very possible that they have.

“We are continuing to work with the cybercrime team at Leicestershire Police and the National Cyber Security Centre as part of this on-going criminal investigation.

“As this is a live investigation we are not able to comment in further detail, but will continue to give updates when we have news to share.”

Cybersecurity experts have been offering their opinions on the cyberbreach: Darren Williams, CEO and Founder of Blackfog, said: “In the last two weeks it’s become evident that INC ransom have clear intent when it comes to targeting local services, with Leicester Council joining the victim list alongside NHS Dumfries and Galloway. The intent of a group like this is clear: to cause maximum distress and disruption, with maximum rewards, at minimal effort.

“In this attack, 25 documents including personal data such as citizens rent statements, applications to purchase council housing and ID information was exfiltrated and shared online, which can unfortunately lead to extortion and blackmail. To prevent such attacks from happening again, council’s and organisations alike must invest in the latest anti-data exfiltration tools to secure their data and prevent ransomware and extortion.” Trevor Dearing, Director of Critical Infrastructure at Illumio, said: “The on-going wave of attacks from INC Ransom towards the UK’s public services like Leicester City Council, and NHS Scotland the week before, shows the scale of the cybersecurity challenge facing the UK public sector.

“Local councils store a vast amount of personal data which can be used in the longer term to conduct further attacks as well as be sold on the Dark Web for a quick profit or used for identity fraud. So, the fact that passport details have been stolen is especially worrying.    

“Attacks on the public sector show no signs of slowing down, but the sheer breadth of services local government must support means funding for cybersecurity will always be a challenge. The government should look to implement some of the recommendations in the recent parliamentary committee report on ransomware, especially on how to respond to an incident. Ultimately local government should not have to choose between cybersecurity and social care.” Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, said: “Multiple local councils in the UK, as well as regional government bodies in other countries such as the US have been victims of ransomware attacks in recent years, with no sign that such activity is slowing. In fact, by some counts the number of ransomware attacks against all sectors almost doubled from 2022 to 2023.

“Whilst the investigation by the council continues, locals should be on the lookout for any potential phishing emails or any other form of unsolicited communication. With the type of data stolen, a cyber attacker could craft extremely plausible, targeted phishing emails, texts and phone calls.

“Incidents such as this show how critical it is for local councils to improve cyber-resilience. Cost effective methods we advise all councils to implement include regular risk assessments, rigorous patching schedules, and fostering a strong cybersecurity culture supported by clear security policies.”

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive