Adur and Worthing Councils launch investigation into new contractor data breaches
The data of 84 Adur and Worthing residents may have been accessed by a criminal gang as part of a cyber attack
Last updated 15th Jun 2023
Adur & Worthing Councils have launched an investigation after two of their contractors were caught up in an international data breach.
Debt collection agencies Rundles and Jacobs have contacted the councils to say that the data of 84 Adur and Worthing residents may have been accessed by a criminal gang as part of a cyber attack on businesses and organisations around the world.
The Council uses the companies to pursue unpaid debts. The companies had been using the MOVEit computer system to send letters to the residents when the software was illegally hacked on or after May 31.
An international hacking gang has claimed responsibility online for the attack. It has demanded ransoms from some businesses but has said that it has deleted its copy of data it took from local authorities, law enforcement agencies and government departments.
The Councils were told on Tuesday 13 June that Adur and Worthing residents were among the victims. The Rundles data breach involves 79 residents while the Jacobs breach involves five residents.
An investigation was immediately launched to identify who those victims were and if more members of the community could have been targeted.
The Councils have been told the data included residents’ names, addresses, details of their debts to the Councils and reference numbers. The contractors have informed the Councils that MOVEit is no longer able to be accessed by the hackers and that data is at no further risk.
At this stage the Councils believe the risk to the residents is very low, but are writing to those involved to inform them and to apologise.
The Councils have also written to the Information Commissioner’s Office - the independent body set up to uphold people’s information rights - to ensure it is aware of what has happened. They have also contacted the national cyber security team at the Department for Levelling Up, Housing and Communities for assistance.
An Adur & Worthing Councils spokesperson said: “We are extremely unhappy that some of our residents’ data has been able to be accessed in this way.
“Although the risk to our residents in this case appears to be low, they have the right to expect their personal data to be protected.
“We treat data protection extremely seriously and are currently identifying each and every one of our residents that has been affected so that we can contact them to apologise.
“We are also liaising with the national cyber-security team, the Information Commissioner and our contractors to ensure that everything is being done to prevent something like this happening again.”
This incident is not connected to a data breach involving another of the Councils’ contractors, Capita, which became public last month.
There is no need for residents to do anything unless the Councils have contacted them on this issue.
However, if residents have any concerns they can contact the Councils’ data protection officer by emailing data.protection@adur-worthing.gov.uk.