A cybercriminal group has posted what it claims are documents stolen from Hackney Council in a ransomware attack.
A cybercriminal organization named Pysa/Mespinoza has reported that a range of data resulting from the dark web incident has been released. This involves sensitive personal data, such as passport documents, of employees and residents.
London’s Hackney Council announced in October 2020 that it was the target of a major cyber-attack that affected many of its services and IT infrastructure.
The council said it was collaborating with NCSC, the National Crime Agency, the Information Commissioner’s Office, the Metropolitan Police and other experts in a new statement on its website to investigate what was published and the next steps to take.
It noted that experts believe the data has not been published on a widely available public forum and is not visible through internet search engines, adding that “at this stage, it appears that the vast majority of the sensitive or personal information held by the council is unaffected, but the council and its partners are reviewing the data carefully and will support any directly affected people.”
The precise nature of the intrusion is still unknown now, many months after the assault occurred. To ensure that it does not unintentionally aid the attackers, the council has resisted revealing information.
Only legacy and non-cloud-based systems have been affected, such as making payments or authorizing licenses, while new services and systems related to the COVID-19 pandemic management have remained up and running.
Although several networks have been completely or partially restored since then, the Council has also said it expects some services to remain inaccessible or interrupted for months to come.
Hackney Council’s service status page still indicates that services are “significantly disrupted” due to a “serious cyber attack”, and recommends that residents and businesses avoid contacting the council unless absolutely necessary.
The cabinet planning member of the Hackney Council, Guy Nicholson, said the hack had disrupted resident services on which residents relied, including by undermining the council’s ability to process land search requests for those purchasing property.
On social media, several people have protested about how chaos has cost them financially and derailed purchases of homes.
The hack broke the chain on her and several other people’s house purchases, Jessica told the BBC.
She told the BBC: “It’s extremely frustrating as the hack has ruined our plans and cost us money that we’ll never get back. The sale of our property fell through because our buyer wasn’t able to carry out a search on our house so couldn’t get a mortgage.
Mayor of Hackney, Philip Glanville, stated: “I fully understand and share the concern of residents and staff about any risk to their personal data, and we are working as quickly as possible with our partners to assess the data and take action, including informing people who are affected.
“While we believe this publication will not directly affect the vast majority of Hackney’s residents and businesses, that can feel like cold comfort, and we are sorry for the worry and upset this will cause them.
“We are already working closely with the police and other partners to assess any immediate actions we need to take and will share further information about the additional action we will be taking as soon as we can.”