ICO confirms knowledge breach probe as UK councils stay downed by cyberattack

Three native councils in the UK proceed to expertise disruption to their on-line companies, per week after confirming a cyberattack had knocked some programs offline.

The councils for Canterbury, Dover, and Thanet — all of that are primarily based within the U.Ok. county of Kent and have a mixed inhabitants of just about 500,000 residents — stated final week that they had been collectively investigating an unspecified “cyber incident” that had disrupted council tax funds and on-line kinds.

Questions stay in regards to the incident, together with whether or not private knowledge was accessed. Robert Davis, a spokesperson for Canterbury Metropolis Council, instructed TechCrunch final week that the council’s preliminary investigation means that no buyer knowledge was accessed.

Nonetheless, the U.Ok.’s Data Commissioner’s Workplace instructed TechCrunch on Friday that the info regulator has acquired a breach report from the three councils.

“We have now acquired breach report kinds from three Kent Councils who kind a three-way partnering service: Thanet District Council, Dover District Council and Canterbury County Council, and might be making enquiries,” ​​ICO spokesperson Rashana Vigerstaff stated.

TechCrunch understands that the continuing incident is linked to EKS, or East Kent Companies. EKS was arrange by Canterbury, Dover, and Thanet in 2011 earlier than it was outsourced to Civica in 2018, and is utilized by all three councils to ship quite a few IT and HR companies, together with funds, advantages, and debt restoration.

TechCrunch discovered final week that a few of Canterbury Metropolis Council’s fee programs, supplied by EKS, had been unavailable. These companies stay down on the time of writing — as is EKS’ web site, which has now been offline for a minimum of seven days.

TechCrunch has contacted a number of individuals at EKS however has not but acquired a response. The corporate has but to make a public assertion concerning the cyberattack, the character of which stays unknown.

In line with a Mastodon put up from safety researcher Kevin Beaumont, EKS’ Pulse Safe VPN server can be offline, suggesting a doable hyperlink to the widespread exploitation of two essential zero-day vulnerabilities in Ivanti’s broadly used company VPN equipment.

The incident continues to trigger disruption for a whole bunch of hundreds of people in Kent.

Davis, the spokesperson for Canterbury Metropolis Council, didn’t reply to questions from TechCrunch despatched Friday, however a discover on the council’s web site notes that residents stay unable to “apply for, report one thing or pay for many companies on-line for the time being” whereas it continues to analyze the incident.

Dover District Council spokesperson Andy Steele additionally didn’t reply to TechCrunch’s questions, however the council has additionally confirmed in an up to date discover that it’s “nonetheless experiencing technical difficulties” with a few of its programs, together with its advantages, council tax, and enterprise charges portal. The council notes that the problems affecting its on-line kinds have been resolved.

Thanet District Council spokesperson Clare Winter shared an up to date assertion with TechCrunch, which has additionally been revealed on the council’s web site. “Thanet District Council is at the moment limiting entry to quite a few its on-line programs,” the assertion reads. “This can be a proactive choice following stories of a possible safety incident.”

Canterbury and Thanet councils notice of their statements that their downed IT companies, which embody on-line kinds and planning functions, should not supplied by Civica.

In an e mail to TechCrunch on Friday, Civica spokesperson Fintan Hastings reiterated that Civica’s programs had been unaffected. Hastings stated that Civica doesn’t present instruments for monitoring and managing data belongings reminiscent of functions, infrastructure, operational supply, and IT belongings, however added that Civica supplies the councils with revenues and advantages, debt restoration, and buyer companies.

Leave a Comment