Gateshead Council has fallen victim to a cyber attack in which personal data has been stolen.
The council confirmed it was hit in the early hours of January 8th, and that the attack is under investigation by the North East Regional Organised Crime Unit (NEROCU).
The local authority has reported the incident to the Information Commissioner's Office (ICO) and other regulatory bodies.
Business is continuing as usual, officials said, and the initial threat has been contained. Council officers are contacting the people affected.
"We have taken immediate remedial action to limit data loss and business continues as usual now we have isolated this incident, but investigations continue into this," said Mike Barker, strategic director for corporate services and governance for Gateshead Council.
"Work is ongoing with relevant parties to understand how this incident happened and any wider implications it may have.
"A number of files have been accessed as part of this incident and we are now contacting those people impacted directly to ensure they are protected from any further harm. The police are also investigating this as a crime."
Gateshead Council is advising residents to change their passwords and look out for any phishing emails or fraudulent activity on their accounts. It's promised to keep residents informed as it continues investigating the incident.
"As investigations continue there is a possibility of further issues arising, and we will work to mitigate this should that be the case," said Barker.
"Investigations so far have not indicated there is any further damage caused, but we need to be open to the possibility."
Who was behind the Gateshead Council attack?
The incident has been claimed by ransomware gang Medusa, which has added Gateshead Council to its data leak site. The group has demanded $600,000 for the data to be deleted or it will be released in nine days.
The group first emerged in September 2019, launching its leak site in February 2023. Research on the ransomware gang shows it favors a double-extortion approach.
Rebecca Moody, head of data research at Comparitech, said Medusa has become one of the most prolific groups in recent years.
"Since its inception, we’ve tracked 107 confirmed attacks via this group with an average ransom of nearly $690,000. Sixteen government entities are among those confirmed attacks, but this is the first entity within the UK to have been confirmed," Moody said.
RELATED WHITEPAPER
"In 2024, we also noted 149 unconfirmed attacks via this group and have tracked three so far this year."
According to Comparitech, there were 182 attacks on government agencies across the globe last year, with an average ransom demand of $2.3 million.
England’s National Museum of the Royal Navy, for example, was hit by a ransomware attack in December 2024 as were three US government entities - Wood County, RIBridges, and Pittsburgh Regional Transit.
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
SonicWall CEO Bob VanKirk hails ‘pivotal moment’ as firm unveils new MSP cyber solutionsNews The company is expanding its MSP solutions range and ramping up its focus on platform-based security
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘We are now a full-fledged powerhouse’: Two years on from its Series B round, Hack the Box targets further growth with AI-powered cyber training programs and new market opportunitiesNews Hack the Box has grown significantly in the last two years, and it shows no signs of slowing down
