Gateshead Council has fallen victim to a cyber attack in which personal data has been stolen.
The council confirmed it was hit in the early hours of January 8th, and that the attack is under investigation by the North East Regional Organised Crime Unit (NEROCU).
The local authority has reported the incident to the Information Commissioner's Office (ICO) and other regulatory bodies.
Business is continuing as usual, officials said, and the initial threat has been contained. Council officers are contacting the people affected.
"We have taken immediate remedial action to limit data loss and business continues as usual now we have isolated this incident, but investigations continue into this," said Mike Barker, strategic director for corporate services and governance for Gateshead Council.
"Work is ongoing with relevant parties to understand how this incident happened and any wider implications it may have.
"A number of files have been accessed as part of this incident and we are now contacting those people impacted directly to ensure they are protected from any further harm. The police are also investigating this as a crime."
Gateshead Council is advising residents to change their passwords and look out for any phishing emails or fraudulent activity on their accounts. It's promised to keep residents informed as it continues investigating the incident.
"As investigations continue there is a possibility of further issues arising, and we will work to mitigate this should that be the case," said Barker.
"Investigations so far have not indicated there is any further damage caused, but we need to be open to the possibility."
Who was behind the Gateshead Council attack?
The incident has been claimed by ransomware gang Medusa, which has added Gateshead Council to its data leak site. The group has demanded $600,000 for the data to be deleted or it will be released in nine days.
The group first emerged in September 2019, launching its leak site in February 2023. Research on the ransomware gang shows it favors a double-extortion approach.
Rebecca Moody, head of data research at Comparitech, said Medusa has become one of the most prolific groups in recent years.
"Since its inception, we’ve tracked 107 confirmed attacks via this group with an average ransom of nearly $690,000. Sixteen government entities are among those confirmed attacks, but this is the first entity within the UK to have been confirmed," Moody said.
RELATED WHITEPAPER
"In 2024, we also noted 149 unconfirmed attacks via this group and have tracked three so far this year."
According to Comparitech, there were 182 attacks on government agencies across the globe last year, with an average ransom demand of $2.3 million.
England’s National Museum of the Royal Navy, for example, was hit by a ransomware attack in December 2024 as were three US government entities - Wood County, RIBridges, and Pittsburgh Regional Transit.
-
HP ZBook Ultra G1a reviewReviews AMD's new Ryzen AI Max+ 395 redefines what we can expect from a laptop chipset with an integrated GPU and delivers outstanding performance
-
AI in the legal sector: How to separate the signal from the noiseSupported From contract review to litigation strategy, AI promises efficiency. But with so much noise in the market, legal professionals must know how to spot tools that deliver real value
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
