Leicester City Council has acknowledged that some data on its IT systems was stolen in a cyber attack early last month.
This follows an earlier report that it has been recovering from the incident that caused a shutdown of its systems.
In a statement published on the afternoon of 3 April, the council's strategic director of city developments, Richard Sword, said: “We have today been made aware that a small number of documents held on our servers have been published by a known ransomware group," said Richard Sword, Leicester City Council's strategic director of city developments and neighbourhoods. “This group is known to have attacked a number of government, education and healthcare organisations.
“This relates to the cyber incident identified by the council on 7 March, which led to us closing down our IT systems.
“At the moment we are aware of around 25 or so confidential documents that have been published online. They include rent statements, applications to purchase council housing and identification documents such as passport information.
“The breach of confidential information is a very serious matter and its publication is a criminal act. We are in the process of trying to contact all of those affected by this breach, and have also notified the information commissioner.
“We realise this will cause anxiety for those affected, and want to apologise for any distress caused.
“At this stage we are not able to say with certainty whether other documents have been extracted from our systems, however we believe it is very possible that they have.
“We are continuing to work with the cyber crime team at Leicestershire Police and the National Cyber Security Centre as part of this ongoing criminal investigation.
“As this is a live investigation we are not able to comment in further detail, but will continue to give updates when we have news to share.”
Advice to staff and public
The council added that it is encouraging staff and the public to be on their guard for anyone trying to access their systems, or approaches from anyone claiming to be in possessions of data relating to them. It said that if the latter occurs it should be reported to Leicestershire Police on the 101 telephone line or online.
The statement came after a report in The Register that a cyber criminal gang named INC Ransom has indicated that it was responsible for the attack and claimed to have stolen 3TB of data, although the post that made the claims was soon removed.
Leicester City Council had previously said that most of its main service portals are now back online, including My Account for access to council services and those used for bidding for council housing, planning applications and parking permits.
In addition, its leisure centres have been able to return to operating as normal, computers and Wi-Fi are available again in its libraries, and almost all of the council’s 5,000 staff with email addresses are now back online.
Customer service lines for children and adults’ social care have also been reopened.
Up and running
Speaking late week, Andrew Shilliam, the council’s director of corporate services, said: “We’re pleased that most of our online service portals and customer service lines are now up and running again.
“Next week, I hope to report that the remaining phone lines have been restored and that we’re making progress on dealing with a backlog of emails and requests.
“We’re very sorry for the inconvenience caused by the cyber incident and want to thank people for their patience while we restore our systems. I’d also like to thank all of our partners in the city who have supported us as we deal with this incident.”
This story was rewritten after Leicester City Council issued its statement of 3 April