A cyber criminal group has posted what it claims are documents stolen from Hackney Council in a ransomware attack last year.
The council in East London was hit by what it described as a “serious cyber attack” in October. It reported itself to the data watchdog due to the risk criminals accessed staff and residents’ data.
The council said it was working with the UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.
Although the extent of the data breach was never confirmed by the council, a criminal group known as Pysa/Mespinoza by security researchers has now published what it claims to be a range of sensitive information held by the authority.
The file names of the documents suggest the leaked documents contain very sensitive information, include titles such as “passportsdumps”, “staffdata” and “PhotoID”, although Sky News has not downloaded the information to verify it.
These leaked documents were posted on a darknet website hosted by the criminals in which they list a number of victims and release their data for extortion purposes.
Brett Callow, a researcher at cyber security company Emisoft, said: “It’s increasingly commonplace for ransomware groups to steal data and use the threat of its release as additional leverage to extort payment.
“Organisations in this position are without good option. Whether they par or not, they’ve had a data breach and the criminals have their information. The most they can hope for is a pinky-promise that it will be destroyed.”
The NCSC guidance on ransomware attacks states that law enforcement “do not encourage, endorse, nor condone the payment of ransom demands” and warns: “There is no guarantee that you will get access to your data or computer.”
The length of time that the council has struggled to deal with the impact of the attack suggests that no ransom was paid, although in some circumstances ransoms have been paid only for the data to prove unrecoverable.
A spokesperson for Hackney Council was unable to provide a full statement in response, but emphasised “we’re the victim of a crime here” and that there was an ongoing criminal investigation.