Data stolen in Hackney Council cyber attack published on dark web
‘Vast majority’ of sensitive information unaffected – but appears likely some personal data shared online
Data stolen from Hackney Council during a cyber attack last year has been published on the dark web, officials have said.
The east London local authority said the “vast majority” of sensitive or personal information it held on staff and residents had been unaffected – but that it appeared likely at that some personal data had been shared online.
Cyber security experts investigating the attack told the council a limited amount of data had been put on the dark web, which is a hidden section of the internet only accessible with specialist software.
However, they stressed it was not on a widely available on a public forum or visible through search engines.
Mayor of Hackney Philip Glanville condemned the “deplorable” actions of the criminals behind the attack, and said the council would “do everything we can to help bring them to justice”.
The council is now working with the Metropolitan Police, National Cyber Security Centre (NCSC), National Crime Agency (NCA) and the Information Commissioner’s Office (ICO) to establish exactly what had been published and contact residents if necessary.
Mr Glanville said in a statement: “It is utterly deplorable that organised criminals chose last year to deliberately attack Hackney, damaging services and stealing from our borough, our staff, and our residents in this way, and all while we were in the middle of responding to a global pandemic.
He added: “Now, four months on, at the start of a new year and as we are all responding to the second wave, they have decided to compound that attack and now release stolen data.”
The council reported a “serious” cyber attack to the ICO in October 2020 which took the council’s online services and IT system briefly offline.
A message on the council’s website at the time said it was having a “technical problem” and that people may have difficulty accessing its One Account service – which allows residents to communicate with the council and manage their online payments.
Mr Glanville apologised to residents for the concern the incident had caused, and confirmed that anyone affected by the data breach would be contacted directly.”
“I fully understand and share the concern of residents and staff about any risk to their personal data, and we are working as quickly as possible with our partners to assess the data and take action, including informing people who are affected,” he said.
He added: “While we believe this publication will not directly affect the vast majority of Hackney’s residents and businesses, that can feel like cold comfort, and we are sorry for the worry and upset this will cause them.”
He said the local authority would will share further information with residents in the borough “as soon as we can.”
A spokesperson for the National Crime Agency said: “We are aware that information has been published online as a result of a cyber incident affecting Hackney Borough Council. NCA officers are working closely with the council and the Metropolitan Police Service to manage any risk.”