Sensitive data stolen from Hackney Council in the UK has allegedly been published online, three months after the ransomware attack on the local authority that took place last year.
A cyber-criminal group called Pysa/Mespinoza has claimed it has published a range of information resulting from the incident on the dark web. This includes sensitive personal data of staff and residents, such as passport documents.
In October 2020, London’s Hackney Council revealed it had been victim of a serious cyber-attack which affected many of its services and IT systems.
In a new statement on its website, the council said it was working with NCSC, National Crime Agency, Information Commissioner's Office, the Metropolitan Police and other experts to investigate what has been published and the next steps to take.
It noted that experts believe the data has not been published on a widely available public forum and is not visible through internet search engines, adding that “at this stage, it appears that the vast majority of the sensitive or personal information held by the council is unaffected, but the council and its partners are reviewing the data carefully and will support any directly affected people.”
Mayor of Hackney, Philip Glanville, stated: “I fully understand and share the concern of residents and staff about any risk to their personal data, and we are working as quickly as possible with our partners to assess the data and take action, including informing people who are affected.
“While we believe this publication will not directly affect the vast majority of Hackney’s residents and businesses, that can feel like cold comfort, and we are sorry for the worry and upset this will cause them.
“We are already working closely with the police and other partners to assess any immediate actions we need to take, and will share further information about the additional action we will be taking as soon as we can.”
Commenting on the story, Matt Aldridge, principal solutions architect, Carbonite & Webroot, said: “Once a data breach has occurred, and the data has been exfiltrated, no amount of ransom payment can guarantee that all copies of the data will be securely destroyed. For this reason, it is critical that all organizations invest appropriately in their cyber-defenses and, wherever possible, that they have their approach validated by trusted independent third parties.
“Understanding the criticality and sensitivity of all organizational data is key, and different data types, locations and classifications should be protected appropriately, with more investment and protection being put in place to protect the most sensitive data within the organization. Regular reviews need to be made to keep on top of this situation, as data locations, types and flows are constantly changing in any modern organization.”