City council says confidential documents shared online after cyber attack

Leicester City Council was targeted by hackers last month.

Martyn Landi
Thursday 04 April 2024 07:32 EDT
Leicester City Council has said confidential documents stolen from its servers in a cyber attack have been published online by hackers (Dominic Lipinski/PA)
Leicester City Council has said confidential documents stolen from its servers in a cyber attack have been published online by hackers (Dominic Lipinski/PA) (PA Wire)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Leicester City Council has said confidential documents stolen from its servers in a cyber attack have been published online by hackers.

The unitary authority was targeted last month in an attack which forced it to close down its IT systems.

In an update on the incident, the council said it had been made aware that a ransomware group had posted “around 25” confidential documents online, including rent statements, applications to purchase council housing, and ID documents such as passport information.

It said it was “not able to say with certainty” whether other documents had been stolen during the cyber attack, but said it was “very possible that they have”.

It has been reported that the ransomware gang known as INC Ransom has claimed responsibility for the cyber attack and published the documents online – the same group which admitted carrying out a cyber attack on NHS Dumfries and Galloway last month.

Leicester City Council’s strategic director of city developments and neighbourhoods, Richard Sword, said: “We have today been made aware that a small number of documents held on our servers have been published by a known ransomware group.

“This group is known to have attacked a number of government, education and healthcare organisations.

“This relates to the cyber incident identified by the council on 7 March, which led to us closing down our IT systems.

“At the moment we are aware of around 25 or so confidential documents that have been published online. They include rent statements, applications to purchase council housing, and identification documents such as passport information.

The breach of confidential information is a very serious matter and its publication is a criminal act

Richard Sword, Leicester City Council

“The breach of confidential information is a very serious matter and its publication is a criminal act. We are in the process of trying to contact all of those affected by this breach, and have also notified the Information Commissioner.

“We realise this will cause anxiety for those affected, and want to apologise for any distress caused.

“At this stage we are not able to say with certainty whether other documents have been extracted from our systems, however we believe it is very possible that they have.

“We are continuing to work with the cyber crime team at Leicestershire Police and the National Cyber Security Centre as part of this ongoing criminal investigation.

“As this is a live investigation we are not able to comment in further detail, but will continue to give updates when we have news to share.”

The council said most of its systems and phone lines are now back online following the attack, and there is no reason for concern about conducting business as usual.

Cyber security experts have urged other organisations to be vigilant in the wake of the attack.

Ransomware is today’s most damaging attack vector, so all organisations must work hard to improve their defences

Oliver Spence, Cybaverse

Oliver Spence, chief executive of cybersecurity firm Cybaverse, said: “Given the UK Government has very publicly voiced its commitment to never do business with ransomware actors, it’s hard to imagine INC would be expecting a payout from these attacks.

“This could suggest the gang is motivated by damage, rather than money, which means more public bodies could be on its target list.

Ransomware is today’s most damaging attack vector, so all organisations must work hard to improve their defences. Organisations must test their systems to identify vulnerabilities, so they can be patched and mitigated before they cause harm.

“They must train employees so they can spot malicious activity before they open emails or click on links. This includes phishing emails generated via AI. Employees must be taught to use caution consistently online, even when sites or emails look realistic.

“Furthermore, organisations need to manage their security more efficiently, so weaknesses can be more easily spotted.

“This can be achieved using tools which provide a unified view on their security posture, allowing teams to more easily spot weaknesses or vulnerabilities and then remediate them before they cause harm.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in