Cyberattack - what you need to know
Last week, the Council was made aware that data had been stolen in October’s cyberattack and published on Wednesday 6 January by the organised criminals responsible for the attack.
Council staff are working closely with the National Cyber Security Centre, National Crime Agency, Information Commissioner’s Office, the Metropolitan Police and other experts to investigate what has been published and take immediate action where necessary. There remains a live criminal investigation into the attack.
While the publication of this data won’t affect the majority of Hackney’s residents or businesses, we understand that you may be worried about your data and personal information and we’re sorry.
Here are the five things we know so far:
Is my data safe?
At this stage, it appears that the vast majority of the sensitive or personal information held by the Council is unaffected, but we’re working with our partners to review the data published carefully and will contact and support any directly affected people who are at risk.
The experts supporting us believe that this is a limited set of data, it has not been published on a widely available public forum, and is not available through search engines on the Internet.
Reviewing the data in full will take some time, but we will provide regular updates.
We have reported the publication to the Information Commissioner’s Office and are working closely with its teams to investigate the incident, and take any actions necessary.
Why aren’t you saying more about the attack, and why do some media outlets seem to be saying more than the Council?
We’ll continue to provide public updates about this work and be as open and transparent as we can – but we won’t provide information publicly that could compromise the ongoing criminal investigation or put people at risk. This doesn’t mean that we’re not working as hard as possible behind the scenes.
What do I need to do?
We will contact you directly if you are impacted, and will continue to provide public updates about any actions residents or businesses may need to take.
The National Cyber Security Centre has helpful advice and tips for staying safe online and ensuring your data is secure.
If you’re really concerned or believe your data has been compromised, you can contact Hackney’s Data Protection Officer Nicholas Welburn on firstname.lastname@example.org
How did this happen?
This was an attack on the Council carried out by organised criminals, who have targeted many organisations around the world. The National Crime Agency continues to investigate the circumstances of the attack.
We take cyber security extremely seriously, and have invested heavily in modern technology and cloud-based services – ahead of many other councils. We were not complacent before the attack, and will continue this investment in our cyber security in the future, learning from this incident.
While we’ve been proactive about moving away from old-fashioned servers and PCs to cloud-based services, some of these older systems still remain – as they do in any large public sector organisation. It is these older systems that were subject to the cyberattack in October.
Our team had planned for any eventuality following October’s attack, and had a structured plan in place to respond to the publication of any data. Working with partners and the police, we are now executing this plan.
How is the cyberattack still impacting services?
The cyberattack in October is still severely impacting some Council services, as we work with experts to recover systems safely and ensure that no other systems are compromised. You can find the latest updates on the Service Status page.
Many services that were initially disrupted have now been restored or are operating in a different way. The publication of this data does not change our approach to restoring services.
This was a complex and sophisticated criminal attack on public services, and we share your anger and frustration about how it continues to affect your services in the middle of responding to the coronavirus pandemic.