Hackney Mayor calls cyberattack “morally repugnant” as disruption continues

Philip Glanville, Mayor of Hackney, has released an update on the “serious” cyberattack against the London council. It was first reported on 13 October and continues to have a significant impact on services for the borough’s 280,000 residents.

“I am incredibly angry that organised criminals have chosen to attack us in this way, and in the middle of dealing with a global pandemic,” Glanville said. “It is morally repugnant, and is making it harder for us to deliver the services [citizens] rely on.”

He added: “What we know so far is that the attack has impacted our ‘legacy’ and non-cloud-based systems – including many systems that are needed for essential services that residents depend on, whether that’s taking or making payments, logging repairs for our tenants, or approving applications ─ from licensing to planning. Our newer, cloud-based services were not affected.”

Critical systems for combating COVID-19, such as local contact tracing, are operating, he said.

Workarounds

The council is working closely with the government, National Cyber Security Centre, National Crime Agency and other experts to investigate the attack, which has also has been reported to the Information Commissioner’s Office (ICO) to probe whether data has been breached.

While council officers are trying to restore affected services quickly, some may be significantly disrupted for some time, Glanville warned. He said the council is finding “workarounds” where possible, enabling housing benefit payments, for example, to be made. A system has also been put in place to allow residents to report housing repairs, and similar solutions are in the pipeline for other services.

Further details about the nature of the attack have not been released. Glanville said: “Being clear and transparent is really important to the Council and we’d like to say more about the nature of the attack and the impact it is having on our services, but we must also make sure that we do not inadvertently assist the attackers by doing so.”

“This is a serious and complex criminal attack on public services,” he added.

Growing challenge

Cyber threats are a growing problem for local authorities in the UK and elsewhere, and the risks are even higher as cities battle COVID-19.

In recent years, US cities including New Orleans, Baltimore and Atlanta have faced major cyberattacks, as well as smaller municipalities such as Riviera Beach and New Bedford.

In the UK, a February attack on Redcar and Cleveland’s systems is estimated to have cost more than £10 million (US$12.9 million).

In the first half of 2019, local councils in the UK faced 263 million cyberattacks and the government sector was found to be the sixth-most targeted sector in the IBM X -Force Threat Intelligence Index, 2020.

“Municipal governments have particularly come under attack in recent years, as cybercriminals seek to collect extortion money from organisations that are less likely to be as secure as those in the private sector,” the Index  report states.