Gateshead Council has fallen victim to a cyber attack in which personal data has been stolen.
The council confirmed it was hit in the early hours of January 8th, and that the attack is under investigation by the North East Regional Organised Crime Unit (NEROCU).
The local authority has reported the incident to the Information Commissioner's Office (ICO) and other regulatory bodies.
Business is continuing as usual, officials said, and the initial threat has been contained. Council officers are contacting the people affected.
"We have taken immediate remedial action to limit data loss and business continues as usual now we have isolated this incident, but investigations continue into this," said Mike Barker, strategic director for corporate services and governance for Gateshead Council.
"Work is ongoing with relevant parties to understand how this incident happened and any wider implications it may have.
"A number of files have been accessed as part of this incident and we are now contacting those people impacted directly to ensure they are protected from any further harm. The police are also investigating this as a crime."
Gateshead Council is advising residents to change their passwords and look out for any phishing emails or fraudulent activity on their accounts. It's promised to keep residents informed as it continues investigating the incident.
"As investigations continue there is a possibility of further issues arising, and we will work to mitigate this should that be the case," said Barker.
"Investigations so far have not indicated there is any further damage caused, but we need to be open to the possibility."
Who was behind the Gateshead Council attack?
The incident has been claimed by ransomware gang Medusa, which has added Gateshead Council to its data leak site. The group has demanded $600,000 for the data to be deleted or it will be released in nine days.
The group first emerged in September 2019, launching its leak site in February 2023. Research on the ransomware gang shows it favors a double-extortion approach.
Rebecca Moody, head of data research at Comparitech, said Medusa has become one of the most prolific groups in recent years.
"Since its inception, we’ve tracked 107 confirmed attacks via this group with an average ransom of nearly $690,000. Sixteen government entities are among those confirmed attacks, but this is the first entity within the UK to have been confirmed," Moody said.
RELATED WHITEPAPER
"In 2024, we also noted 149 unconfirmed attacks via this group and have tracked three so far this year."
According to Comparitech, there were 182 attacks on government agencies across the globe last year, with an average ransom demand of $2.3 million.
England’s National Museum of the Royal Navy, for example, was hit by a ransomware attack in December 2024 as were three US government entities - Wood County, RIBridges, and Pittsburgh Regional Transit.
-
Criminals target APIs as web attacks skyrocket globallyNews More than a third of web attacks target APIs as AI expands attack surfaces and brings new security challenges
-
What to look out for at RSAC Conference 2025Analysis Convincing attendees that AI can revolutionize security will be the first point of order at next week’s RSA Conference – but traditional threats will be a constant undercurrent
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘We are now a full-fledged powerhouse’: Two years on from its Series B round, Hack the Box targets further growth with AI-powered cyber training programs and new market opportunitiesNews Hack the Box has grown significantly in the last two years, and it shows no signs of slowing down
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Law enforcement needs to fight fire with fire on AI threatsNews UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
