Gloucester City Council’s IT systems are still not fully operational almost six months after it was targeted by Russian hackers.
The authority acknowledged its servers were compromised on December 20 last year.
The phishing “sleeper” malware found its way into the council's system by a third party and reportedly encrypted files.
Housing benefit, council tax support, test and trace support payments, discretionary housing payments and other online services were disrupted as a result.
The local authority set aside £380,000 ($514,000) to remediate and recover from the incident, according to reports.
Opposition councilors raised concerns recently about the increasing cost of the cyber-attack.
The bill is so far in the hundreds of thousands, yet many fear the final tally will be more than £1m.
Liberal Democrat group leader Jeremy Hilton said the December cyber-attack is still disrupting council services
He said: “The planning portal is still not up and running on the website. This means it’s impossible to read public comments on planning applications or to research the history of former applications related to a particular site.
“Processing applications has been delayed and some applicants have been asked to resubmit their plans. There has even been an appeal to a major application affecting Hempsted. Soon it will be six months since the council’s ICT systems were compromised by hackers.
“That is twice in ten years. The city council must aim to get the planning portal up and running by the end of this month. I know the servers have been repopulated and testing is to begin. As planning is an important statutory role for the council, it must redouble its efforts to return its planning processes back to the 21st century.”
Council leader Richard Cook said he doesn't know when all systems will be back up and running as normal.
However, he did say that work is progressing well and the council’s systems will have been upgraded and be much more secure once all the work is complete.
He said: “All I can say is that officers are working hard to restore all the IT systems that customers rely on and will get systems fully operational as soon as possible.
“Officers are continuing to process planning applications although we acknowledge that some delays have been caused by the cyber incident.”
In 2017, the UK’s data protection watchdog fined the council £100,000 after its failure to patch the notorious Heartbleed vulnerability three years previously enabled hackers to access council email inboxes.