Hackney Council services could be offline for 'months' following cyber attack
The East London-based council has warned that some of its key services could remain unavailable following suspected ransomware attack
Hackney Borough Council has warned that many of its key services are still unavailable and could be for "months" following a cyber attack that knocked its IT systems offline.
The council was hit by a "serious" cyber attack in October, affecting many of its services and IT systems. In an update posted today, the East London-based council said that while some services, such as its coronavirus response, continue to operate as normal, others "may be unavailable or disrupted for months".
Hackney Council's online payment portal for paying rent and service charges remains unavailable, for example, and the council is unable to accept payments in person or over the phone.
The Council's online form for reporting repairs also remains disrupted, and it says it cannot currently respond to some enquiries around service charge bills or provide rent statements, payment records or repair histories.
Hackney Council has also lost the ability to access emails sent to a number of council inboxes between 12 October and 26 October.
"The Council is continuing to work hard to recover systems needed to resolve significant disruption created by the serious cyberattack that has prevented residents accessing some Council services in recent weeks," it said in a statement.
"Our teams have worked incredibly hard to ensure all essential services for residents have remained in place, and to provide as much support as possible where normal operations have been disrupted."
The nature of the cyber attack remains unclear, though speculation suggests Hackney Council was hit by a ransomware attack. The Council has yet to confirm whether the data of Hackney residents has been compromised.
13/20/2020: Hackney Council targeted by "serious" cyber attack
Hackney Borough Council has been targeted by a serious cyber attack which has knocked its services and IT systems offline, the London-based local government body has admitted.
The council has disclosed little about the nature of the attack, or which services have been disrupted by the “serious” incident. Officials, however, are working with the National Cyber Security Centre (NCSC) as well as the Ministry of Housing, Communities and Local Government (MHCLG) as part of an ongoing investigation.
“Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems,” said the mayor of Hackney Phil Glanville.
“This investigation is at an early stage, and limited information is currently available. We will continue to provide updates as our investigation progresses. Our focus is on continuing to deliver essential frontline services, especially to our most vulnerable residents, and protecting data, while restoring affected services as soon as possible.
“In the meantime, some Council services may be unavailable or slower than normal, and our call centre is extremely busy. We ask that residents and businesses only contact us if absolutely necessary, and to bear with us while we seek to resolve these issues.”
The NCSC confirmed it’s aware of an incident affecting Hackney Borough Council and is offering support to understand the impact of the incident.
Cyber attacks against local government bodies are fairly common, with research published in 2018 suggesting three-quarters of councils had suffered some form of cyber attack in the past year. When including phishing as an attack vector, a staggering 87% reported experiencing a form of cyber attack.
Uptime is everything
Why observability is so critical to today's business infrastructureDownload now
The financial implications, too, are staggering, with an attack that affected Redcar and Cleveland council’s IT systems estimated to have cost in the region of £10.4 million.
Part of the cost of the security incident, which took down the council’s website and local services in February 2020, included £2.4 million in remediation and replacement work for the body’s IT infrastructure. This is in addition to £3.4 million of costs incurred by individual departments, as well a further £1 million in losses due to a reduction of taxes collected.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now