UK council won't say whether two-week 'cyber incident' impacted resident data

Security experts insist ransomware is involved but Leicester zips its lips


Leicester City Council continues to battle a suspected ransomware attack while keeping schtum about the key details.

Progress updates posted to its website still refer to the widespread outage as a "cyber incident," and do not confirm whether data has been compromised or whether ransomware is involved, which some experts insist is the case.

The Register has repeatedly asked for a confirmation or denial of ransomware's involvement from the council, but after ignoring us for ten days it finally replied today, only to say it still couldn't share anything beyond official statements.

The UK's National Cyber Security Centre (NCSC), which has been informed of the situation at the council, told us it continues to work with local officials.

Leicester says in its statement a criminal investigation into the "cyber incident" remains ongoing, and as such the key details surrounding it all can't be revealed.

"The UK government really needs a radical rethink on ransomware [in my honest opinion]," said security expert Kevin Beaumont at the time the incident was first disclosed. 

"If you can't even say the word, you can't manage the problem."

Eerke Boiten, professor of cybersecurity at De Montfort University Leicester, said following the initial disclosure of the incident that the council has a good reputation when it comes to information governance and that he had "some faith" that any damage to sensitive data would be limited.

Earlier this week, the council extended its estimated time to recovery from the few short days given at the time of disclosure to "at least two weeks."

Richard Sword, strategic director of city development and neighborhood services at the council, said this week that "a good majority of staff are also back on the network," but its phone lines still require some work before they're back online. 

Libraries and community centers remain open, and waste services continue to operate as normal, but access to public computers, Wi-Fi, and printing is down. 

Some residents have had issues with the council being unable to collect their direct debits. The council will be writing to the affected individuals to inform them of the new date of collection.

Standing orders aren't affected and residents can still pay fixed penalty notices, which are issued for low-level crimes such as littering and not paying for car parking.

Emergency telephone lines have been established for critical services such as child protection services, homelessness, and housing repairs while the recovery efforts continue.

"We are making good progress with the recovery of our systems and are now in the process of switching them back online, with housing, adult and children's social care, and revenues and benefits being prioritized for this week," said Sword.

Residents were urged to only contact the council in the event of an emergency. They've also been assured that its website is still safe to use, and that they may trust emails coming from council sources, including any attachments that come with them.

"Many people in Leicester will be frustrated by these ongoing issues, but I'd like to reassure them that we're working as quickly as possible to get things back to normal," said Sword earlier this week. 

"I'd also like to apologise for the disruption and thank people for their continued patience and understanding as we work to resolve these outstanding issues." ®
