Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The Westminster City Council said phone lines and other services were disrupted following an attack on shared council IT infrastructure.
Two major London councils have had their online and phone services taken offline following a cyber attack targeting the IT infrastructure shared by both entities.
The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) recently reported the disruptions, adding that a third council – the London Borough of Hammersmith and Fulham – was also impacted by the incident.
“The incident was identified quickly at both RBKC and WCC on Monday morning (24 November), and the two authorities have been working closely together and with the help of specialist cyber incident experts and the National Cyber Security Centre, with the focus on protecting systems and data, restoring systems, and maintaining critical services to the public,” Westminster City Council said in a 25 November statement on its website.
The council said its phone lines were affected, but emergency calls could still be put through.
“We are diverting more resources to manage this incident and monitor emails and phone lines, and the councils have invoked business continuity and emergency plans to ensure we are still delivering critical services to residents, focusing on supporting the most vulnerable,” the council said.
A further update, published at 4pm on Wednesday, 26 November, said the councils’ IT teams had been working through the night to understand the scope of the incident.
“We will not be giving out further details of the incident at this stage because the investigation is continuing with the National Crime Agency and National Cyber Security Centre to establish exactly how our systems have been impacted and protect them from any further impacts,” WCC said.
The Information Commissioner’s Office has been informed of the incident, and investigations are underway to see what, if any, data may have been compromised. Between them, the councils serve more than 540,000 residents.
Raghu Nandakumara, vice president of industry strategy at cloud security firm Illumio, said that local councils are a juicy target for opportunistic hackers.
“Local councils store a vast amount of personal data, which can be used in the longer term to conduct further attacks, making them an attractive target for cyber criminals. In this case, if residents’ data is found to have been compromised, it may be used for phishing attacks and scams, such as fraudulent fuel-payment schemes. Along with the significant amount of sensitive data held by councils, they are often under tight budget constraints and have limited resources,” Nandakumara told Cyber Daily.
Nandakumara added that while preventing attacks may be an “unattainable goal for stretched councils”, the impact of such attacks can still be limited.
“While the decision to shut down networks was a precautionary measure to mitigate the impact, these sorts of actions are possible without cutting off vital services that thousands depend on,” Nandakumara said.
“We need to reach a point where both public and private sector organisations can contain and survive cyber attacks with minimal disruption to operations.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
