IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cyber incident strikes Gloucester City Council as residents suffer service outages

The Council has been hit with so-called 'sleeper' malware in what could be the second major cyber incident in the past decade

Gloucester City Council has confirmed a cyber incident is affecting a number of its systems and services with residents experiencing service outages.

The Council said it is currently working with the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) to fully understand the nature of the incident.

Gloucester City Council sources said the attack is believed to be linked to Russian hackers, adding the Council first became aware of the incident on 20 December 2021, according to the BBC.

The Council is believed to have been hit with a form of sleeper malware that infected an officer's computer via a malicious email. The malware is also thought to have laid dormant on the network for some time before the malicious payload was launched.

Gloucester City Council said residents can expect delays to services and is handling the most urgent resident enquiries as a matter of priority via email.

Various online application forms for Council services such as council tax support, housing benefit, housing payments and test and trace support are all delayed or down.

"We are aware of an incident impacting Gloucester City Council," said an NCA spokesperson in a statement to IT Pro, which was also echoed by the NCSC. "National Crime Agency officers are working alongside partners in the NCSC to better understand the incident and support the Council."

The Information Commissioner's Office (ICO) told IT Pro it has been made aware of the incident and is in the process of making enquiries.

"We'll provide updates on services as soon as we are able to, however, we are focusing on managing any urgent customer issues and continue to work with the national agencies and our IT partners to bring our systems back online as quickly as possible, Gloucester City Council said in a statement.

Related Resource

Oracle’s modern data platform strategy

Freedom from manual data management

Oracle’s Modern Data Platform StrategyDownload now

"As the situation is still being investigated it is unfortunately not possible to give a current timeframe for when we’re able to resolve the issues and we are unable to share any further details as it is an active investigation," it added. "[Residents] can still access advice and information via our website including emergency numbers if you need to contact us. We are taking the situation extremely seriously and thank residents for their co-operation and understanding."

Residents are advised if they cannot find the information they need on the Council's website, they can call 01452 396396 or email heretohelp@gloucester.gov.uk for assistance.

One Twitter user, with their set location displayed as Gloucester, criticised the Council for not acting swiftly enough after the incident began nearly a month ago, raising the point that it's not the first time Gloucester City Council has been reprimanded for cyber security failings.

Gloucester City Council was previously fined £100,000 by the ICO for a 2014 data breach involving an exploit of the 'Heartbleed' flaw in the OpenSSL software library.

The Council lost 30,000 emails to hackers containing personal information belonging to employees after it knowingly failed to patch the widely publicised security vulnerability.

The ICO said at the time that the "Council's security systems were not robust enough to protect the data they held" and that a lack of oversight on the matter left the Council, which was outsourcing its IT systems at the time, vulnerable to the attack.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022