Hackney Borough Council has warned that many of its key services are still unavailable and could be for "months" following a cyber attack that knocked its IT systems offline.
The council was hit by a "serious" cyber attack in October, affecting many of its services and IT systems. In an update posted today, the East London-based council said that while some services, such as its coronavirus response, continue to operate as normal, others "may be unavailable or disrupted for months".
Hackney Council's online payment portal for paying rent and service charges remains unavailable, for example, and the council is unable to accept payments in person or over the phone.
The Council's online form for reporting repairs also remains disrupted, and it says it cannot currently respond to some enquiries around service charge bills or provide rent statements, payment records or repair histories.
Hackney Council has also lost the ability to access emails sent to a number of council inboxes between 12 October and 26 October.
"The Council is continuing to work hard to recover systems needed to resolve significant disruption created by the serious cyberattack that has prevented residents accessing some Council services in recent weeks," it said in a statement.
"Our teams have worked incredibly hard to ensure all essential services for residents have remained in place, and to provide as much support as possible where normal operations have been disrupted."
The nature of the cyber attack remains unclear, though speculation suggests Hackney Council was hit by a ransomware attack. The Council has yet to confirm whether the data of Hackney residents has been compromised.
13/20/2020: Hackney Council targeted by "serious" cyber attack
Hackney Borough Council has been targeted by a serious cyber attack which has knocked its services and IT systems offline, the London-based local government body has admitted.
The council has disclosed little about the nature of the attack, or which services have been disrupted by the “serious” incident. Officials, however, are working with the National Cyber Security Centre (NCSC) as well as the Ministry of Housing, Communities and Local Government (MHCLG) as part of an ongoing investigation.
“Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems,” said the mayor of Hackney Phil Glanville.
“This investigation is at an early stage, and limited information is currently available. We will continue to provide updates as our investigation progresses. Our focus is on continuing to deliver essential frontline services, especially to our most vulnerable residents, and protecting data, while restoring affected services as soon as possible.
“In the meantime, some Council services may be unavailable or slower than normal, and our call centre is extremely busy. We ask that residents and businesses only contact us if absolutely necessary, and to bear with us while we seek to resolve these issues.”
The NCSC confirmed it’s aware of an incident affecting Hackney Borough Council and is offering support to understand the impact of the incident.
Cyber attacks against local government bodies are fairly common, with research published in 2018 suggesting three-quarters of councils had suffered some form of cyber attack in the past year. When including phishing as an attack vector, a staggering 87% reported experiencing a form of cyber attack.
Uptime is everything
Why observability is so critical to today's business infrastructure
The financial implications, too, are staggering, with an attack that affected Redcar and Cleveland council’s IT systems estimated to have cost in the region of £10.4 million.
Part of the cost of the security incident, which took down the council’s website and local services in February 2020, included £2.4 million in remediation and replacement work for the body’s IT infrastructure. This is in addition to £3.4 million of costs incurred by individual departments, as well a further £1 million in losses due to a reduction of taxes collected.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.