The cybercriminals who had launched ransomware called Pysa ransomware or Mespinoza ransomware on the Hackney Borough Council back in October lately published the data on a dark web forum. They have claimed that the information is the stolen documents from the Council.
The Pysa ransomware operators said that they were responsible for the cyberattack that disrupted the online services of the Council. This incident had left many of its systems inoperable just a few months back.
In a statement, the Council had said that just a limited set of data had been released on the dark web and requires a specialist software to get access. It had added that the vast majority of the sensitive personal data it grasped stayed unaffected during the Pysa ransomware attack.
“Hackney Council has been made aware that data stolen in October’s cyber attack has been published by the organized criminals responsible for the attack,” the statement reads.
“The experts supporting the Council believe that this is a limited set of data, it has not been published on a widely available public forum, and is not visible through search engines on the Internet.”
The Council had added that it was closely working with the National Crime Agency, the Metropolitan Police, the National Cyber Security Centre, private security experts and the Information Commissioner’s Office for establishing the exact details of the information the hackers had published.
Some media reports have claimed the data dump appears to contain a vast amount of sensitive data, including photo IDs, staff data, passport data, information on community safety and the tenancy audit documents scans for the public housing tenants.
Philip Glanville, the Hackney mayor, had said that it had been a shameful incident that the hackers have deliberately hacked the Hackney Council while the pandemic is still intense. It was done for disrupting the services and stealing data connected to the residents and staff from the Hackney Council’s systems.
“Now, four months on, at the start of a new year and as we are all responding to the second wave, they have decided to compound that attack and now release stolen data,” Glanville added.
“Working with our partners, we will do everything we can to help bring them to justice,” he said.
Back in October, the Hackney Borough Council had first disclosed that a cyberattack had been victimized that had disrupted entirely many of its IT systems and services.
At the same time, Glanville stated that their priority was solely to protect the data captured by the cyber actors and also to focus on delivering essential frontline services, specifically to their most vulnerable residents.
About four months after this, many of the services belonging to the Council remained disrupted, and the Council had failed to provide any timeline as to when it would be able to restore them completely.
The services disruption had also affected the house purchases in the Hackney Council.
“It’s extremely frustrating as the hack has ruined our plans and cost us money that we’ll never get back,” a resident told the BBC.
“The sale of our property fell through because our buyer wasn’t able to carry out a search on our house so couldn’t get a mortgage.”
“Subsequently we lost the house we were planning on buying and had already spent more than £1,000 on a survey for. We were hoping to have the house sorted in time to make use of the stamp duty holiday, but that’s not looking likely.”
Disclaimer: Read the complete disclaimer here.