Russian hackers behind "sophisticated cyber-attack" on Gloucester City Council

Russian hackers were behind a “sophisticated cyber-attack” which knocked out council services in Gloucester and may have accessed personal data, civic chiefs have officially confirmed.

Gloucester City Council has now concluded its investigation into the attack which saw their IT systems compromised on December 20, 2021.

And while the Local Democracy Reporting Service has previously reported that cyber criminals linked to Russia were behind the attack it is the first time this has been officially acknowledged by the authority.

The cyber-attack caused damage to the council’s network and online services, with a number of systems having to be taken offline. It caused havoc for residents across the city with benefit payments, planning services and property searches disrupted.

The council worked with the National Crime Agency and the National Cyber Security Centre, part of GCHQ, as well as informing the Information Commissioner’s Office to minimise any further risks.

The city council has been working with cyber incident response experts to investigate the extent of the incident.

Now that this has finished, they want to advise residents that some personal information may have been taken but they say nothing has been published online.

While some information the city council holds about residents may have been accessed during the cyber attack, to date nothing taken has been published online.

And they believe it is now unlikely that it will be published based on advice the council has received from law enforcement agencies.

Earlier this year, the government sanctioned seven individuals associated with Conti, the criminal group thought to be involved in this incident.

This group has also been behind attacks which targeted several other organisations including hospitals, schools, businesses and other local authorities.

Due to the multi-national action being taken against individuals connected with the group suspected of carrying out this attack, and following advice received from national law enforcement agencies, the city council believes that it is now unlikely any information taken will be published.

The National Crime Agency continues to scan for stolen information released on the internet and, if the city council is informed that any information taken during this incident is published in the future, we would then notify individuals affected.

Most of the council systems, such as the ‘Report It’ service that allows issues like fly-tipping to be reported, and the Local Land Charge service used to carry out searches for prospective homeowners, are now repaired.

Jon McGinty, Gloucester City Council Managing Director, said: “This has been a challenging period and I want to thank our residents for their patience and uvnderstanding; I also want to thank our staff for their hard work keeping services to the public going during this period of recovery.

“I share the annoyance of the public that we were targeted in this way; this criminal group targeted our council amongst other private and public sector organisations to disrupt our public services in an attempt to extort a ransom payment from the council.

“I am sorry for any concern this announcement may cause residents and members of the public, but would like to emphasise this occurred in December 2021 and based on advice received from our national law enforcement partners, the council believes that it is unlikely that any information taken will be released in the future.”

Further information about this incident is available through a website notification and FAQs page on the council’s website.