Council contractors caught up in international data breach by hacking gang | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Adur and Worthing Councils are investigating after two council contractors were caught up in an international data breach (Image: Archant)

An investigation has been launched after two council contractors were caught up in an international data breach by an international hacking gang.

Debt collection agencies Rundles and Jacobs have contacted Adur and Worthing Councils to say the data of 84 Adur and Worthing residents may have been accessed by a criminal gang as part of a cyber attack on businesses and organisations around the world.

The council uses the companies to pursue unpaid debts. The companies had been using the MOVEit computer system to send letters to the residents when the software was illegally hacked on or after May 31.

An international hacking gang has claimed responsibility online for the attack. It has demanded ransoms from some businesses but said it has deleted its copy of data it took from local authorities, law enforcement agencies and government departments.

The councils were told on Tuesday that Adur and Worthing residents were among the victims. The Rundles data breach involves 79 residents while the Jacobs breach involves five residents.

The councils said an investigation was immediately launched to identify who those victims were and if more members of the community could have been targeted.

Get more stories delivered to your inbox every day by signing up to our morning newsletter

The councils have been told the data included residents’ names, addresses, details of their debts to the councils and reference numbers. The contractors have informed the councils that MOVEit is no longer able to be accessed by the hackers and that data is at no further risk.

At this stage the councils believe the risk to the residents is very low but are writing to those involved to inform them and to apologise.

The councils have also written to the Information Commissioner’s Office – the independent body set up to uphold people’s information rights – to ensure it is aware of what has happened. They have also contacted the national cyber security team at the Department for Levelling Up, Housing and Communities for assistance.

An Adur and Worthing Councils spokesman said: “We are extremely unhappy that some of our residents’ data has been able to be accessed in this way.

“Although the risk to our residents in this case appears to be low, they have the right to expect their personal data to be protected.

“We treat data protection extremely seriously and are currently identifying each and every one of our residents that has been affected so that we can contact them to apologise.

“We are also liaising with the national cyber security team, the Information Commissioner and our contractors to ensure that everything is being done to prevent something like this happening again.”

This incident is not connected to a data breach involving another of the councils’ contractors, Capita, which became public last month, the councils said.


Click Here For The Original Story From This Source.

National Cyber Security