Gloucester City Council reprimanded over cyber attack
A council which spent £1m on fixing a cyber-attack has been reprimanded by the data protection regulator.
Gloucester City Council's systems and services were compromised by a ransomware attack in December 2021.
Hackers sent an e-mail designed to look like part of a conversation, releasing malicious software which made almost every council system inaccessible.
The Information Commissioner's Office (ICO) has found the council did not have the correct monitoring systems.
The Government's data watchdog said the council did not have a central logging system, which would have helped detect the attack and may have prevented it from spreading.
The ICO has asked the council to perform a full review of its backup and disaster recovery measures.
The council will scrutinise a report at a meeting on Monday to look at lessons learnt from the attack.
The breach disrupted housing benefit claims, council tax payments, leisure centre bookings and Covid-related services.
On 20 December 2021, the council's networks and servers were encrypted with ransomware, a specialised piece of software that scrambles the information stored on a computer and asks for payment to unscramble it.
Investigators were able to determine that a specially crafted e-mail from the attackers was received on 24 November 2021, which was designed to look like part of an ongoing conversation with one of the council's suppliers.
The e-mail contained a link to a malicious piece of software that was used to create a hidden backdoor into the council's network, making almost every council system inaccessible.
More than 240,000 council files were transferred to a file-sharing site in New Zealand.
Attackers left a ransom note demanding money and threatened to release private files to the public. In line with the National Cyber Security Centre (NCSC) guidance, no attempt was made to contact or negotiate with the attackers or to pay the ransom.
The problem persisted for months and the city authority has had to rebuild all of its services.
Staff found themselves having to deal with massively increased workloads and said they were incredibly stressed by the whole process.
In a staff survey this year, 49% said their personal morale had been affected.
The council says it has learnt a number of lessons from the cyber-attack and that these will be monitored by the council's Information Governance Board to ensure they are put in place.