DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

London Borough of Hackney reprimanded following cyber-attack

Posted on July 17, 2024 by Dissent

From the Information Commissioner’s Office:

We have issued the London Borough of Hackey with a reprimand following a cyber-attack in 2020 that led to hackers gaining access to and encrypting 440,000 files, affecting at least 280,000 residents and other individuals including staff.

In October 2020, hackers attacked the London Borough of Hackney (LBoH) systems – accessing, encrypting, and in some instances exfiltrating records containing personal data. The encrypted data included data on residents that revealed their racial or ethnic origin, religious beliefs, sexual orientation, health data, economic data, criminal offence data, and other data including basic personal identifiers such as names and addresses.

Some of the data which was encrypted was also exfiltrated by the attackers. Of those affected records, we understand that 9,605 records were exfiltrated, with the attack being acknowledged by LBoH to have “posed a meaningful risk of harm” to 230 data subjects.

The hackers encrypted the data and then deleted 10% of the council’s backup before the council managed to intervene. The cyber-attack also resulted in LBoH systems being disrupted for many months with, in some instances, services not being back to normal service until 2022. One such instance of this disruption related to LBoH’s ability to deal with Freedom of Information requests and subject access requests. We received 39 complaints from individuals who had made subject access requests to LBoH between August and October 2020 but had not received an appropriate response.

In the subsequent investigation into the data breaches, we found examples of a lack of proper security and processes to protect personal data. LBOH failed to ensure that a security patch management system was actively applied to all devices, and failed to change an insecure password on a dormant account still connected to Hackney council servers which was exploited by the attackers.

Read more at the ICO’s website.

Category: Commentaries and AnalysesGovernment SectorMalwareNon-U.S.

Post navigation

← Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack
Bassett Furniture shuts down manufacturing facilities after ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.