Leicester City Council recently acknowledged that a significant volume of confidential information has been leaked online due to a ransomware attack. This cyber incident, detected on March 7, is linked to a notorious group known as Inc Ransom, which claims to have stolen approximately 3 terabytes of data from the council.
As of April 3, the council disclosed that around 25 documents have been published, including sensitive items such as rent statements, council housing applications, and personal identification materials, like passport details. Richard Sword, the strategic director of city developments and neighbourhoods at Leicester City Council, stated, "We realize this will cause anxiety for those affected, and want to apologise for any distress caused."
The breach is concerning not only for its immediate impact but also due to Inc Ransom's history of targeting various sectors, including government, education, and healthcare organizations. This is not their first attack; they previously breached the NHS Dumfries during a similar time frame, indicating a troubling pattern of sophisticated cyber assaults.
Impact and Legacy
In the wake of this incident, Richard Sword emphasized that the council is actively trying to reach out to all individuals impacted by the data breach. He noted, "It is very possible that other documents have been extracted from the Council’s systems, although this is unconfirmed at this stage." This uncertainty only adds to the anxiety surrounding the leaked data.
Furthermore, the council has issued advisories to staff and the public to remain vigilant against potential attempts to exploit this data. Sword remarked, "We are urging people to report any suspicious activity," signaling a proactive approach to mitigate the risks associated with the leaked information.
"We are urging people to report any suspicious activity,"
Stephen Robinson, a Senior Threat Intelligence Analyst at WithSecure, highlighted the heightened risk of unique social engineering attacks stemming from the leaked data. "With the type of data stolen, a cyber attacker could craft extremely plausible, targeted phishing emails, texts and phone calls," he explained, emphasizing the personal nature of the risk for both council employees and residents.
"With the type of data stolen, a cyber attacker could craft extremely plausible, targeted phishing emails, texts and phone calls,"
In response to the attack, Leicester City Council initiated immediate measures, shutting down its IT systems and phone lines on March 7. This disruption affected access to a range of essential public services, from waste collection to school admissions and birth registrations. Fortunately, by March 28, the council announced that most of its main service portals and phone lines were back in operation, alleviating some concerns among the residents.
The council is collaborating with Leicestershire Police and the National Cyber Security Centre (NCSC) in their ongoing investigation into the breach. Sword confirmed, “As this is a live investigation we are not able to comment in further detail, but will continue to give updates when we have news to share.”
Rebecca Moody, Head of Research and Data at Comparitech, underscored the Inc Ransom group's tactics, stating that they are known for their double-extortion method of not only encrypting systems but also stealing data. This technique has become increasingly prevalent in ransomware attacks, escalating the stakes for organizations and individuals alike.
As the investigation continues, the fallout from this attack poses a significant challenge for Leicester City Council and its residents. With sensitive information in the hands of cybercriminals, the path to recovery could be fraught with anxiety and uncertainty for those affected. The council's response plan and cooperation with cybersecurity authorities will be critical in navigating the ongoing repercussions of this breach.