Investigation Launched After Two Council Contractors Caught Up in International Data Breach by Hacking Gang
Key Highlights :
Adur and Worthing Councils have launched an investigation after two of their contractors were caught up in an international data breach by an international hacking gang. Debt collection agencies Rundles and Jacobs have informed the councils that the data of 84 Adur and Worthing residents may have been accessed by the criminal gang as part of a cyber attack on businesses and organisations around the world.
The councils use the companies to pursue unpaid debts, and the hackers had been using the MOVEit computer system to send letters to the affected residents when the software was illegally hacked on or after May 31. An international hacking gang has since claimed responsibility for the attack online and has demanded ransoms from some businesses, though they have stated they have deleted their copy of data taken from local authorities, law enforcement agencies and government departments.
The councils were informed of the breach on Tuesday, and the data accessed includes residents’ names, addresses, details of their debts to the councils and reference numbers. Rundles was affected with 79 residents, while Jacobs was affected with five residents.
The councils have said that an investigation has been launched to identify all those affected by the breach, and to ensure that no other members of the community may have been targeted. The contractors have informed the councils that MOVEit is no longer able to be accessed by the hackers and that data is at no further risk.
At this stage the councils believe the risk to the residents is very low, but they have still written to those involved to inform them and to apologise. The councils have also written to the Information Commissioner’s Office - the independent body set up to uphold people’s information rights - to ensure it is aware of what has happened. They have also contacted the national cyber security team at the Department for Levelling Up, Housing and Communities for assistance.
An Adur and Worthing Councils spokesman said: “We are extremely unhappy that some of our residents’ data has been able to be accessed in this way. Although the risk to our residents in this case appears to be low, they have the right to expect their personal data to be protected. We treat data protection extremely seriously and are currently identifying each and every one of our residents that has been affected so that we can contact them to apologise. We are also liaising with the national cyber security team, the Information Commissioner and our contractors to ensure that everything is being done to prevent something like this happening again.”
The councils have stressed that this incident is not connected to a data breach involving another of their contractors, Capita, which became public last month. They are taking all necessary steps to ensure the safety and security of their residents’ data, and are liaising with the relevant authorities to ensure that the breach is investigated and that all necessary measures are taken to protect their residents.
