Data stolen from Hackney Borough Council in a major cyber attack last October has been published online by the hackers responsible.
Cyber security experts working with the local authority have confirmed “a limited set of data” has now been published online, four months after hackers infiltrated its networks.
The truth about ransomware The scariest security horror stories of 2020 Ransomware gangs pretend to delete stolen data to extort victims twice, report warns
The council has said the data, the nature of which hasn’t been disclosed, wasn’t published on any widely available public forums and is not visible through conventional search engines.
This means the data has likely been published on the dark web; a common practice by some groups following a ransomware attack either as proof of an attack, or if a ransom is demanded but not paid.
“It is utterly deplorable that organised criminals chose last year to deliberately attack Hackney, damaging services and stealing from our borough, our staff, and our residents in this way, and all while we were in the middle of responding to a global pandemic,” said the major of Hackney, Philip Glanville.
“Now four months on, at the start of a new year and as we are all responding to the second wave, they have decided to compound that attack and now release stolen data. Working with our partners we will do everything we can to help bring them to justice.”
The attack on council services in October last year led to outages lasting several weeks. The payment portal for paying rent and service charge, for example, was still unavailable a month after the incident.
Glanville added the council is in contact with residents and staff about any risk to their personal data, and are working with its cyber security partners to assess the data and take action. The council has also been working with the National Cyber Security Centre (NCSC), National Crime Agency (NCA), and Information Commissioner’s Office (ICO).
Although the data hasn’t been fully examined, Hackney Borough Council is confident the vast majority of sensitive or personal information it holds hasn’t been affected.
The council hasn’t confirmed this was specifically a ransomware attack, although a handful of prominent cyber crime outfits have been known to publish their victims’ data on their own online platforms after an attack, which is accessible through the dark web.
DopplePaymer, for instance, published a sample of archive files online last year after hacking into a digital transformation company that boasts clients such as NASA and the Defense Information Systems Agency (DISA).
The tactic has also been commonly deployed by the Maze and Sodinokibi groups in the past as a blackmailing technique. The threat of publishing stolen material could potentially expose organisations to bad press, fines, and action by data regulators.
IT Pro asked Hackney Borough Council what internal measures it has taken following the incident in October, and whether it can confirm the attack involved ransomware.
-
The generative AI ‘scramble’ is over - now it’s time to sort your infrastructure or fall behindNews Building out robust infrastructure is key to ensuring future AI success
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
