Personal data compromised in Gateshead Council cyber attack

Gateshead Council has fallen victim to a cyber attack in which personal data has been stolen.

The council confirmed it was hit in the early hours of January 8th, and that the attack is under investigation by the North East Regional Organised Crime Unit (NEROCU).

The local authority has reported the incident to the Information Commissioner's Office (ICO) and other regulatory bodies.

Business is continuing as usual, officials said, and the initial threat has been contained. Council officers are contacting the people affected.

"We have taken immediate remedial action to limit data loss and business continues as usual now we have isolated this incident, but investigations continue into this," said Mike Barker, strategic director for corporate services and governance for Gateshead Council.

"Work is ongoing with relevant parties to understand how this incident happened and any wider implications it may have.

"A number of files have been accessed as part of this incident and we are now contacting those people impacted directly to ensure they are protected from any further harm. The police are also investigating this as a crime."

Gateshead Council is advising residents to change their passwords and look out for any phishing emails or fraudulent activity on their accounts. It's promised to keep residents informed as it continues investigating the incident.

"As investigations continue there is a possibility of further issues arising, and we will work to mitigate this should that be the case," said Barker.

"Investigations so far have not indicated there is any further damage caused, but we need to be open to the possibility."

Who was behind the Gateshead Council attack?

The incident has been claimed by ransomware gang Medusa, which has added Gateshead Council to its data leak site. The group has demanded $600,000 for the data to be deleted or it will be released in nine days.

The group first emerged in September 2019, launching its leak site in February 2023. Research on the ransomware gang shows it favors a double-extortion approach.

Rebecca Moody, head of data research at Comparitech, said Medusa has become one of the most prolific groups in recent years.

"Since its inception, we’ve tracked 107 confirmed attacks via this group with an average ransom of nearly $690,000. Sixteen government entities are among those confirmed attacks, but this is the first entity within the UK to have been confirmed," Moody said.

"In 2024, we also noted 149 unconfirmed attacks via this group and have tracked three so far this year."

According to Comparitech, there were 182 attacks on government agencies across the globe last year, with an average ransom demand of $2.3 million.

England’s National Museum of the Royal Navy, for example, was hit by a ransomware attack in December 2024 as were three US government entities - Wood County, RIBridges, and Pittsburgh Regional Transit.