Personal information, held by Hackney Council’s Housing Management Service, was not only hacked and downloaded but it was later published online.
Information exposed in the data breach included tenants’ names and contact details as well as any health-related information such as vulnerabilities they may have.
Commenting on the Hackney Council data breach, Mark Montaldo, a director at CEL Solicitors which specialises in data breach compensation claims, said: “The potential vulnerability of those affected makes this data breach especially worrying.
“All too often we see victims of data breaches go on to be targeted by criminals so to know this information has been published on the dark web is really concerning. It’s for this reason that more needs to be done to guard against cyber-attacks and protect people’s personal data.”
On the 11th October 2020, Hackney Council was subject to a serious data breach. The data breach involved a cyber-attack in which hackers used malicious software to encrypt and disrupt the council’s systems.
The criminal gang behind the Pysa, or Mespinoza, ransomware claimed responsibility for the cyber-attack on Hackney Council last year. In January of this year, the cyber attackers went on to publish the data it stole on the dark web in an attempt to extort money from Hackney Council.
The information stolen in the Hackney Council data breach included a significant amount of personally identifiable information including, but not limited to, passport data, scans of tenancy audit documents for public housing tenants, staff data and information on community safety.
It was originally reported that the systems which allow residents to pay rent and council tax, as well as accessing housing benefit payments, went down after the hack. Other services that were affected included discretionary payments designed to help people with housing costs and applications to join the housing waiting list. Noise complaints couldn’t be reported after the hack, and the council’s licensing and planning systems were also affected.
Commenting on the Hackney Council data breach, the mayor of Hackney, Philip Glanville, said: “I fully understand and share the concern of residents and staff about any risk to their personal data, and we are working as quickly as possible with our partners to assess the data and take action, including informing people who are affected.”
Hackney Council is working closely with the National Cyber Security Centre, the National Crime Agency, the Information Commissioner’s Office, the Metropolitan Police and private sector security experts to establish what happened and what information has been published. As and when it becomes aware of whose data has been breached it is notifying them by letter.