The Information that was stolen has been published on the darknet.
Sensitive data stolen from Hackney Council in the UK has allegedly been published online, three months following the ransomware attack on the local authority that took place last year.
Hackney council, which provides services for 280,000 residents in the UK capital, was struck by what was labeled a”serious” cyber-attack last October, taking many IT systems out of operation, with some still disrupted currently.
Data stolen at a cyber-attack against a London council last year was leaked online by the hackers responsible for the attack.
A cybercriminal group called Pysa/Mespinoza has claimed that it has released a selection of information caused by the incident on the darknet. This includes sensitive personal data of employees and residents, such as passport documents.
It now appears that the information that has been stolen during the attack was published to the dark web by the offenders, even though the council stated that only a limited set of information was at risk.
According to the council’s latest update, the documents have not been leaked to a”widely available forum”, and are not visible through search engines online.
The Mayor of Hackney Philip Glanville said: “I fully understand and share the concern of residents and staff about any risk to their information, and we’re working as rapidly as possible with our partners to assess the information and take actions, including informing people who are affected.”
“While we believe this publication will not directly affect the vast majority of Hackney’s residents and businesses, that may feel like cold comfort, and we’re sorry for the stress and upset this will cause them.”
While the majority of sensitive and private information held by the council seems to be unaffected, Hackney council said that it is working with the National Cyber Security Centre, the National Crime Agency, the Information Commissioner’s Office, and the Metropolitan Police to investigate what has been published exactly and assess which actions need to be taken.
Now several months after the attack happened, the exact nature of the intrusion is still unclear. The council has avoided disclosing details to make sure that it does not inadvertently assist the attackers.
Only legacy and non-cloud-based systems, like making payments or approving licensing, have been changed, while newer systems and services linked to managing the Covid-19 pandemic have stayed up-and-running.
Although many systems have since been completely or partially restored, the council has said that it anticipates some services to remain inaccessible or disrupted for the months to come.
Hackney council’s service status page still indicates that services are”significantly disrupted” because of a”severe cyber-attack”, and recommends that citizens and businesses avoid contacting the council unless necessary.
For instance, the council is currently unable to process applications for many kinds of licenses, to add to the housing waiting list, or to get council tax discounts.
Disruptions and delays to payment methods remain, and to claims for housing benefits. Voting preferences cannot be updated, and residents are currently unable to report noise complaints online.
Phone lines, however, remain open for essential help and emergency support.
“It is utterly deplorable that organized criminals chose last year to intentionally attack Hackney, damaging services and stealing from our borough, our team, and our residents this way, and all while we were in the middle of responding to a worldwide pandemic,” said Glanville.
“Now four months on, at the start of a new year and as we are all responding to the second wave, they’ve opted to compound that attack and now release stolen data.
Working together with our partners we’ll do everything we can to help bring them to justice.”
Last year also saw an attack on Redcar and Cleveland council in North East England, which affected 135,000 individuals and came at a cost of more than £10 million ($13.5 million).