[BreachExchange] Town Hall ‘still working to recover data’ more than a year after ‘devastating’ cyber attack

[Terrell Byrd]

https://www.hackneycitizen.co.uk/2022/01/06/town-hall-recover-data-year-cyber-attack/

The “devastating” cyber attack on Hackney Council has exacerbated the
“flexibility and resilience” of its finances, councillors have been told.

Cyber criminals struck in October 2020, when the Town Hall was already
coping with the impact of the pandemic, and the following January saw data
published in the dark web.

File names including ‘Tenancy Audits’ and ‘Complaints Community Safety’
were among the material allegedly published, but council bosses stressed
that the stolen data was not “a big cache of bank and credit card details”.

The hack, which could cost the council £10m, affected multiple services and
left key data missing. It is being investigated by the National Crime
Agency.

The council’s audit committee this week discussed a specially commissioned
report by its auditors Mazars, but did it behind closed doors.

That decision was challenged by the Citizen because of the public interest
in the attack, which saw staff and residents’ data exposed.

The council cited legislation and said it could not talk about the £10,085
report in public because it included “information relating to any action
taken or to be taken in connection with the prevention, investigation or
prosecution of crime”.

Committee chair Nick Sharman said: “This is  one of the most devastating
attacks that we’ve received. It’s had a harmful effect both on the
council’s operations and on residents and we certainly want to share as
much informstion as is possible.”

He said the council will look at what it can make public.

In a public report, finance and corporate resources director Ian Williams
said:  “Following work performed by Mazars IT audit team, in response to
the cyber attack on the council, Mazars have concluded that they are
satisfied that in all significant respects, the council had put in place
proper arrangements to secure economy, efficiency and effectiveness in its
use of resources for the year ended 31 March 2020.”

Cllr Sharman told the meeting: “I am sensitive to the points raised by the
objections.”

During the public part of the meeting, during which council finances were
discussed, risk officers said the attack is still causing problems with
housing  services.

Housing director Steve Waddington explained that the loss of the housing
benefit system in the attack means no new tenants have had their benefits
assessed since August 2021.

They have prioritised getting people who are homeless or in temporary
accommodation “through the system first”.

The council is tracking the impact.

Waddington said the attack also meant that data was lost for “a high number
of cases” of people whose benefits were processed between July and October
2020 – in the run-up to the cyber attack .

“We anticipate the impact of the housing benefit and universal credit owed
to the housing revenue account is around £2m to £2.5m, which will
ultimately be credited to individual accounts,” he said.

The council is also working to rebuild its IT system, which assesses
arrears – currently at £14.8m.

“I cannot underestimate the impact of not having that arrears system in
place because we’re not able to accurately determine when we want to take
enforcement action, progress to court without that system in place,” said
Waddington.

Ajman Ali, the council’s neighhourhoods and housing group director,
described how the hack forced staff to go back to “pen and paper”.

He said:  “The cyber [attack] has had a really big impact on neighbourhood
and housing services.”

He explained that it hit planning, business and regulatory services, and
“more significantly housing services which is very IT-reliant”.

He added: “You probably won’t believe when I say that staff had actually
gone to pen and paper and I’ve been down in the council, down at the depot,
piles and piles of A4 paper on staff desks actually putting down job
tickets and waiting to put them down onto the computer system.”

In its audit of the council’s finances, Mazars added risks to the
collections fund, housing revenue account and housing benefit spending
because of the attack.

The council said the incident has exacerbated the “flexibility and
resilience” of its financial position, alongside Covid.

Over a year on, social services “do not yet have access to the full set of
functions required to operate normally”, although “core data” was recovered.

It has also meant revenue and benefits are still tackling a backlog.

The council said it is still working to recover data. It said the most
critical services affected are social care, benefits and revenues, planning
and land charges and housing.

A report for the audit committee said: “In all cases progress has been
made, but due to the severe and complex nature of the attack there is still
further work needed to fully recover services.”

Williams said: “When the attack was discovered in October 2020, immediate
work was carried out to isolate the council’s internally hosted systems and
network and to notify the national leads for cyber security.

“However, risks remain that recovery work may introduce new vulnerabilities
or reintroduce vulnerabilities which existed at the time of the attack or
retain elements of the attack which could be reused in future.”

His report added: “Risks remain relating to the data stolen and published
to the
dark web in January 2021.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220107/96683f18/attachment.html>