Gloucester City Council Confirms ‘Cyber Incident’

Council IT services hit by so called ‘sleeper’ malware, with media reports pointing the finger of blame at Russian hackers

Gloucester City Council has confirmed it has suffered a cyber incident that is impacting number of its systems and services, with residents experiencing service outages.

The confirmation of the attack came in a notice on the council’s website, which seems to have not been impacted by the attack.

Gloucester City Council said that it working “closely with the National Cyber Security Centre and the National Crime Agency to understand more about the nature of this incident.”

Cyber incident

The council reportedly became aware of the cyber-incident just before Christmas, on 20 December 2021, according to the BBC.

“We’ll provide updates on services as soon as we are able to, however, we are focusing on managing any urgent customer issues and continue to work with the national agencies and our IT partners to bring our systems back on line as quickly as possible,” said the council in its notice.

“As the situation is still being investigated it is unfortunately not possible to give a current timeframe for when we’re able resolve the issues and we are unable to share any further details as it is an active investigation.”

It said that residents can still access advice and information via its website including emergency numbers if you need to contact us.

However online application forms used to claim for housing benefit, council tax support, test and trace support payments, discretionary housing payments and several other services have been delayed or are unavailable.

“We are taking the situation extremely seriously and thank residents for their co-operation and understanding,” the council said.

The BBC, citing unnamed sources, alleged the cyber attack was carried out by hackers from Russia.

According to the Local Democracy Reporting Service, the sleeper malware apparently made its way into the local authority’s system embedded in an email which had been sent to a council officer.

The BBC reported that the sleeper malware is understood to have been dormant for some time before it was activated.

Other local authorities and government agencies are currently blocking emails from Gloucester City Council.

2014 data breach

Lib Dem councillor Jeremy Hilton was quoted by the BBC as saying that benefits and council staff will still be paid.

“This is the second time, in ten years, that this has happened,” he added.

Gloucester City Council had suffered a data breach in July 2014 through a cyber attack from a hacker who was able to make use of the Heartbleed flaw, a bug in OpenSSL that could be exploited to enable hackers to read a system’s memory protected by versions of OpenSSL with the flaw.

Heartbleed was used to exfiltrate data, eavesdrop on conversations and impersonate users or services; in the council’s case it led to the unauthorised download of more than 30,000 emails by a hacker claiming to be part off the Anonymous group.

The hack, data breach and the subsequent results were an indication of the affect major bugs such as Heartbleed can have if not fixed quickly.

The Information Commissioner’s Office (ICO) took Gloucester City Council to task as it had ample time and warning to take action to fix the flaw.

However, it failed to do so meaning personal information was put at risk when it could have been avoided and thus the data protection law was broken.

In 2017 the ICO therefore decided to fine Gloucester City Council £100,000 for leaving sensitive personal information open to attack.