A cyber criminal group has posted what it claims are documents stolen from Hackney Council in a ransomware attack last year.
The council in East London was hit by what it described as a “serious cyber attack” in October. It reported itself to the data watchdog because of the risk that criminals had accessed staff and residents’ data.
The council said it was working with the UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.
Although the extent of the data breach was never confirmed by the council, a criminal group known to security researchers as Pysa/Mespinoza has now published what it claims to be a range of sensitive information held by the authority.
The file names of the documents suggest the stolen files contain very sensitive information, including those with titles such as “passportsdump”, “staffdata” and “PhotoID”, although Sky News has not downloaded the information to verify it.
These documents were posted on a darknet website hosted by the criminals, on which they list their victims and publish stolen data for extortion purposes.
Brett Callow, a researcher at cyber security company Emsisoft, said: “It’s increasingly commonplace for ransomware groups to steal data and use the threat of its release as additional leverage to extort payment.
“Organisations in this position are without a good option. Whether they pay or not, they’ve had a data breach and the criminals have their information. The most they can hope for is a pinky-promise that it will be destroyed.”
The NCSC guidance on ransomware attacks states that law enforcement “do not encourage, endorse, nor condone the payment of ransom demands” and warns: “There is no guarantee that you will get access to your data or computer.”
The length of time that the council has struggled to deal with the impact of the attack suggests that no ransom was paid, although in some circumstances ransoms have been paid only for the data to prove unrecoverable.
A spokesperson for Hackney Council said: “We are angry and disappointed that the organised criminals responsible for October’s cyberattack have chosen to publish data stolen in October.
“We are working with the NCSC, National Crime Agency, Information Commissioner’s Office, the Metropolitan Police and other experts to investigate what has been published and take immediate action where necessary.
“We understand and share the concern of residents about any risk to their personal data, and we are working as quickly as possible with our partners to assess the data and take action, including informing people who are affected.
“It is utterly deplorable that criminals first chose to attack and steal from a local authority and its residents in this way in the middle of responding to a global pandemic, and we will do everything we can to help bring them to justice.
“Our initial analysis suggests that the vast majority of sensitive or personal information we hold has not been published or affected, and this limited set of data has not been published on a widely available public forum, and is not visible through search engines on the Internet.
“While we believe this publication will not directly affect the vast majority of Hackney’s residents and businesses, we are sorry for the worry and upset this will cause them. We will share more information as soon as we can,” they added.
A spokesperson for the National Crime Agency said: “We are aware that information has been published online as a result of a cyber incident affecting Hackney Borough Council. NCA officers are working closely with the council and the Metropolitan Police Service to manage any risk.”