It seems like London can’t catch a break! Not long after some of their hospitals suffered a politically-motivated Cyber Attack, now Hackney Council has been reprimanded. The drama here though, is whether it’s deserved. You may be familiar with the Hackney council leak in 2020. If not, it was more than just a “little breach.  However, after a recent examination by the ICO (Information Commissioners Office), Hackney might be sanctioned. Let’s look at the gossip!

 

Just how bad is it?

Hackney was hit by some pretty skilled hackers who managed to get into and encrypt a whopping 440,000 files. Not good.

The Information Commissioner’s Office (ICO) stepped in to investigate and found that the council had dropped the ball big time when it came to protecting its systems. Personally, I’ve had a history of making blogs on councils that have been breached, so this claim, at first, doesn’t seem like a shocking one.

Of course, my opinion isn’t the legal one here though. The ICO’s verdict? Hackney Council didn’t have enough measures in place to ward off such an attack.

However, this is where the drama continues… Hackney Council isn’t having it. They’re standing their ground, saying they did everything by the book and didn’t breach their security obligations. Now of course, this claim will be quite interesting to come back to at a later date, as one way or another, this case will be investigated to a conclusion.

 

ICO reported information

The ICO obviously wasn’t impressed with Hackney’s security measures, but why? So far, ICOs have reported the security wasn’t up to scratch across some devices. For example, “a weak password on an old, inactive account was still connected to their servers and got exploited by the hackers”. As tragic as it is, that’s exactly why you always need to regularly maintain your IT, either externally or internally. Shameless promo aside, let’s continue.

They actually publicly declared that the situation was a “clear and avoidable error”. In this case, I think we can all agree, based on the current facts. Additionally, the information that got breached in question is a little more troubling.

 

What got breached?

What’s even scarier is what the hackers got their hands on. Information about religious beliefs, health, criminal records, economic data, and sexual orientation. According to the ICO, over 9,600 records were stolen, posing a “meaningful risk of harm” to about 230 people. This is a classic example of why we should all be concerned when a business or organisation gets breached- it’s not just them that might be in trouble, it might be you too!

In terms of service, the council’s operations were halted too. Some services didn’t get back to normal until 2022. That’s a long time to deal with such a mess!

Luckily, there haven’t been any cases yet of anyone being personally breached by this. It’s likely that the data got sold rather than immediately exploited.

In summary: keep your accountants locked down! You don’t want to end up in a situation like this. Stay safe out there.

But that’s enough serious talk for the day. We hope you’ve liked this blog and that you’ll stick around to see our future releases. We cover everything from recent IT News to Knowledgebase articles. Thanks for reading!