Hackney Council hit by ‘avoidable’ cyber attack
Attack described by the ICO as 'avoidable'
London’s Hackney Council has revealed it was hit by a cyber attack that exfiltrated personal information on residents including names, addresses, racial or ethnic origins, religious beliefs, sexual orientations, health data, economic details and criminal records.
In total, 440,000 files were accessed and encrypted, affecting 280,000 residents (via CityAM).
The Information Commissioner's Office (ICO) recently completed its investigation into the attack, with the ICO’s deputy commissioner Stephen Bonner stating “This was a clear and avoidable error from London Borough of Hackney, one that has resulted in a mass loss of data and has had a severely detrimental impact on many residents.”
Avoidable cyber attack
“At its absolute worst, this has meant that some of the most deeply personal information possible has ended up in the hands of the attackers," Bonner added. "Systems that people rely on were offline for many months. This is entirely unacceptable and should not have happened.”
“If we want people to have trust in local authorities, they need to trust that local authorities will look after their data properly. Hackney residents have learnt the hard way the consequences for these errors – councils across the country should act now to ensure that those they are responsible for do not suffer the same fate,” Bonner concluded.
In total, the ICO reported that over 9,6000 resident records were confirmed as being successfully taken by the attackers.
A statement from Hackney Council said, “While we welcome the ICO completing its investigation, we maintain that the Council has not breached its security obligations. We consider that the ICO has misunderstood the facts and misapplied the law with respect to the issues in question, and has mischaracterised and exaggerated the risk to residents’ data.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“However, we do not believe it is in our residents’ interests to use our limited resources to challenge the ICO’s decision. We have worked closely with the National Cyber Security Centre, National Crime Agency and Metropolitan Police to identify, contact and help those who were significantly affected by the cyberattack, and the ICO has recognised our robust and transparent response,” the statement added.
More from TechRadar Pro
- Here is our guide to the best parental control apps
- New UK Government unveils bills for AI, Cybersecurity and Resilience to boost tech outlook
- These are the best malware removal tools
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.