Gloucester City Council Confirms ‘Cyber Incident’

Gloucester City Council has confirmed it has suffered a cyber incident that is impacting number of its systems and services, with residents experiencing service outages.

The confirmation of the attack came in a notice on the council’s website, which seems to have not been impacted by the attack.

Gloucester City Council said that it working “closely with the National Cyber Security Centre and the National Crime Agency to understand more about the nature of this incident.”

Cyber incident

The council reportedly became aware of the cyber-incident just before Christmas, on 20 December 2021, according to the BBC.

“We’ll provide updates on services as soon as we are able to, however, we are focusing on managing any urgent customer issues and continue to work with the national agencies and our IT partners to bring our systems back on line as quickly as possible,” said the council in its notice.

“As the situation is still being investigated it is unfortunately not possible to give a current timeframe for when we’re able resolve the issues and we are unable to share any further details as it is an active investigation.”

It said that residents can still access advice and information via its website including emergency numbers if you need to contact us.

However online application forms used to claim for housing benefit, council tax support, test and trace support payments, discretionary housing payments and several other services have been delayed or are unavailable.

“We are taking the situation extremely seriously and thank residents for their co-operation and understanding,” the council said.

The BBC, citing unnamed sources, alleged the cyber attack was carried out by hackers from Russia.

According to the Local Democracy Reporting Service, the sleeper malware apparently made its way into the local authority’s system embedded in an email which had been sent to a council officer.

The BBC reported that the sleeper malware is understood to have been dormant for some time before it was activated.

Other local authorities and government agencies are currently blocking emails from Gloucester City Council.

2014 data breach

Lib Dem councillor Jeremy Hilton was quoted by the BBC as saying that benefits and council staff will still be paid.

“This is the second time, in ten years, that this has happened,” he added.

Gloucester City Council had suffered a data breach in July 2014 through a cyber attack from a hacker who was able to make use of the Heartbleed flaw, a bug in OpenSSL that could be exploited to enable hackers to read a system’s memory protected by versions of OpenSSL with the flaw.

Heartbleed was used to exfiltrate data, eavesdrop on conversations and impersonate users or services; in the council’s case it led to the unauthorised download of more than 30,000 emails by a hacker claiming to be part off the Anonymous group.

The hack, data breach and the subsequent results were an indication of the affect major bugs such as Heartbleed can have if not fixed quickly.

The Information Commissioner’s Office (ICO) took Gloucester City Council to task as it had ample time and warning to take action to fix the flaw.

However, it failed to do so meaning personal information was put at risk when it could have been avoided and thus the data protection law was broken.

In 2017 the ICO therefore decided to fine Gloucester City Council £100,000 for leaving sensitive personal information open to attack.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Sued For Use Of NHS Data Of 1.6 Million Brits

Lawsuit alleges Google and Deepmind Technologies used NHS data of 1.6 million Britons 'without their…

7 hours ago

Twitter Sees Three More Executive Departures

Three executives apparently jump ship. More high level departures at Twitter, ahead of Elon Musk's…

10 hours ago

Apple Delays Staff Mandate For Three Days A Week In Office – Report

Tech giant blames rising Covid cases as it again pushes back return to office deadline,…

12 hours ago

Tesla Bluetooth Locks Can Be Hacked, Warns NCC Group

Digital locks, including those fitted to Tesla vehicles, are vulnerable to being unlocked via an…

15 hours ago

Twitter Board To ‘Enforce’ Elon Musk Merger Agreement

Legal action ahead? Elon Musk's takeover agreement of Twitter will be enforced says board of…

16 hours ago