Security

Cyber-crime

UK council won't say whether two-week 'cyber incident' impacted resident data

Security experts insist ransomware is involved but Leicester zips its lips


Leicester City Council continues to battle a suspected ransomware attack while keeping schtum about the key details.

Progress updates posted to its website are still referring to the widespread outage as a "cyber incident," failing to even confirm whether data has been compromised or whether ransomware is involved, which some experts insist to be the case.

The Register has repeatedly asked for a confirmation or denial of ransomware's involvement from the council, but after ignoring us for ten days it finally replied today, only to say it still couldn't share anything beyond official statements.

The UK's National Cyber Security Centre (NCSC), which has been informed of the situation at the council, told us it continues to work with local officials.

Leicester says in its statement a criminal investigation into the "cyber incident" remains ongoing, and as such the key details surrounding it all can't be revealed.

"The UK government really needs a radical rethink on ransomware [in my honest opinion]," said security expert Kevin Beaumont at the time the incident was first disclosed. 

"If you can't even say the word, you can't manage the problem."

Eerke Boiten, professor of cybersecurity at De Montfort University Leicester, said following the initial disclosure of the incident that the council has a good reputation when it comes to information governance and that he had "some faith" that any damage to sensitive data would be limited.

Earlier this week, the council extended its estimated time to recovery from the few short days at the time of disclosure, to "at least two weeks."

Richard Sword, strategic director of city development and neighborhood services at the council, said this week that "a good majority of staff are also back on the network," but its phone lines still require some work before they're back online. 

Libraries and community centers remain open, and waste services continue to operate as normal, but access to public computers, Wi-Fi, and printing is down. 

Some residents have had issues with the council being unable to collect their direct debits. The council will be writing to the affected individuals to inform them of the new date of collection.

Standing orders aren't affected and residents can still pay fixed penalty notices, which are issued for low-level crimes such as littering and not paying for car parking.

Emergency telephone lines have been established for critical services such as child protection services, homelessness, and housing repairs while the recovery efforts continue.

"We are making good progress with the recovery of our systems and are now in the process of switching them back online, with housing, adult and children's social care, and revenues and benefits being prioritized for this week," said Sword.

Residents were urged to only contact the council in the event of an emergency. They've also been assured that its website is still safe to use, and that they may trust emails coming from council sources, including any attachments that come with them.

"Many people in Leicester will be frustrated by these ongoing issues, but I'd like to reassure them that we're working as quickly as possible to get things back to normal," said Sword earlier this week. 

"I'd also like to apologise for the disruption and thank people for their continued patience and understanding as we work to resolve these outstanding issues." ®

Send us news
22 Comments

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack

Theories abound over who's truly responsible

Ransomware gang <em>did</em> steal residents' confidential data, UK city council admits

INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs

Head of Israeli cyber spy unit exposed ... by his own privacy mistake

Plus: Another local government hobbled by ransomware; Huge rise in infostealing malware; and critical vulns

UK businesses shockingly unaware of how to handle security threats

Many decide to make no changes after detecting a breach

Change Healthcare’s ransomware attack costs edge toward $1B so far

First glimpse at attack financials reveals huge pain

INC Ransom claims to be behind 'cyber incident' at UK city council

This follows attack on NHS services in Scotland last week

Nearly 3M people hit in Harvard Pilgrim healthcare data theft

Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns

INC Ransom claims responsibility for attack on NHS Scotland

Sensitive documents dumped on leak site amid claims of 3 TB of data stolen in total

185K people's sensitive data in the pits after ransomware raid on Cherry Health

Extent of information seized will be a concern for those affected

Street newspaper appears to have Big Issue with Qilin ransomware gang

The days of cybercriminals having something of a moral compass are over

Global taxi software vendor exposes details of nearly 300K across UK and Ireland

High-profile individuals including MPs said to be caught up in leak

Singapore infosec boss warns China/West tech split will be bad for interoperability

When you decide not to trust a big chunk of the supply chain, tech (and trade) get harder