Hacked Hackney Council files leaked online

Cybercriminals post stolen documents, including alleged passport details, on the dark web

Posted 7 January 2021 by Christine Horton

Cybercriminals have posted what they claim are documents stolen from Hackney Council in a ransomware attack last year.

The council in East London was hit by what it described as a “serious cyberattack” in October.

Sky News today reports that a criminal group known to security researchers as Pysa/Mespinoza has published what it claims to be a range of sensitive information held by the authority. The documents were posted on a dark net website which lists the stolen data to sell for extortion purposes.

The file names of the documents suggest the stolen files contain very sensitive information, with titles such as ‘passportsdump’, ‘staffdata’ and ‘PhotoID’, although Sky News says it has not downloaded the information to verify it.

More investment and protection

The extent of the data breach was never confirmed by the council. However, it reported itself to the data watchdog and at the time said it was working with the National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.

Matt Aldridge, principal solutions architect at Carbonite & Webroot, said that once a data breach occurs, and the data has been exfiltrated, no amount of ransom payment can guarantee that all copies of the data will be securely destroyed.

“As well as technical controls, such as next-generation anti-malware and web access security solutions, it is critical to ensure that staff are properly trained to prevent breaches, and that their skills are regularly tested. Secure and trusted backups of course are also essential for recovery against a ransomware attack, but unfortunately that would not help in the case of a release of stolen data,” he said.

“Understanding the criticality and sensitivity of all organisational data is key, and different data types, locations and classifications should be protected appropriately, with more investment and protection being put in place to protect the most sensitive data within the organisation. Regular reviews need to be made to keep on top of this situation, as data locations, types and flows are constantly changing in any modern organisation.”

There was a surge in cyberattacks targeting local authorities in 2020, according to the NCSC, with the threat exacerbated by the increase in remote working during the COVID-19 pandemic.