Personal data compromised in Gateshead Council cyber attack
The Medusa ransomware group has claimed responsibility for the attack
Gateshead Council has fallen victim to a cyber attack in which personal data has been stolen.
The council confirmed it was hit in the early hours of January 8th, and that the attack is under investigation by the North East Regional Organised Crime Unit (NEROCU).
The local authority has reported the incident to the Information Commissioner's Office (ICO) and other regulatory bodies.
Business is continuing as usual, officials said, and the initial threat has been contained. Council officers are contacting the people affected.
"We have taken immediate remedial action to limit data loss and business continues as usual now we have isolated this incident, but investigations continue into this," said Mike Barker, strategic director for corporate services and governance for Gateshead Council.
"Work is ongoing with relevant parties to understand how this incident happened and any wider implications it may have.
"A number of files have been accessed as part of this incident and we are now contacting those people impacted directly to ensure they are protected from any further harm. The police are also investigating this as a crime."
Gateshead Council is advising residents to change their passwords and look out for any phishing emails or fraudulent activity on their accounts. It has promised to keep residents informed as it continues investigating the incident.
"As investigations continue there is a possibility of further issues arising, and we will work to mitigate this should that be the case," said Barker.
"Investigations so far have not indicated there is any further damage caused, but we need to be open to the possibility."
Who was behind the Gateshead Council attack?
The incident has been claimed by ransomware gang Medusa, which has added Gateshead Council to its data leak site. The group has demanded $600,000 to delete the data, which will otherwise be released in nine days.
The group first emerged in September 2019 and launched its leak site in February 2023. Research on the ransomware gang shows it favors a double-extortion approach.
Rebecca Moody, head of data research at Comparitech, said Medusa has become one of the most prolific groups in recent years.
"Since its inception, we’ve tracked 107 confirmed attacks via this group with an average ransom of nearly $690,000. Sixteen government entities are among those confirmed attacks, but this is the first entity within the UK to have been confirmed," Moody said.
"In 2024, we also noted 149 unconfirmed attacks via this group and have tracked three so far this year."
According to Comparitech, there were 182 attacks on government agencies across the globe last year, with an average ransom demand of $2.3 million.
England’s National Museum of the Royal Navy, for example, was hit by a ransomware attack in December 2024, as were three US government entities - Wood County, RIBridges, and Pittsburgh Regional Transit.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
