Hackney Council could be forced to answer questions about IT security training after Psya ransomware
A council hit by a cyber attack could be forced to answer questions about the IT and security training it gave staff when they were forced to work from home because of the pandemic.
Cyber criminals struck Hackney Council in October 2020, with Pysa, or Mespinoza, ransomware paralysing some of its online services.
Four months later, employees’ and residents’ data was allegedly published on the dark web by hackers who claimed it came from the attack on the London council’s IT systems.
The council said the attack affected “a limited set of data, it has not been published on a widely available public forum, and is not available through search engines on the internet”.
The National Crime Agency is still investigating the attack, as is the National Cyber Security Centre.
Missing data
The attack has cost the council millions of pounds and it is still missing data across many services.
It said the most critical services were Mosaic for social care, Academy for its benefits and revenues, and M3 for planning and land charges and delivering modern digital tools in housing.
Other local authorities have been targeted by hackers. Gloucester Council became the latest victim when it was attacked for the second time in December, when hackers hit services including revenue and benefits and planning.
Salisbury, Copeland and Islington councils were also affected by cyber attacks over the 2017 August bank holiday, when hackers unsuccessfully asked for a bitcoin ransom in return for data.
The attack on Hackney affected benefits data. Some people were unable to perform property searches, which affected some house sales in the east London borough.
Information commissioner to take action
The council now faces action from the information commissioner after refusing to say whether it gave council staff security training when they were required to work from home during the pandemic.
Liberal Democrat campaigner Darren Martin submitted a Freedom of Information request to ask the council what IT security training was given to staff in the two years leading up to the cyber attack.
“If it turns out that the attack that has left our vital services crippled in the borough since 2020…
