Security News > 2024 > July > London council accuses watchdog of 'exaggerating' danger of 2020 raid on residents' data

London's inner city district of Hackney says the UK's data protection watchdog has misunderstood and "Exaggerated" details surrounding a ransomware attack on its systems in 2020.

During the attack, thieves stole data of 280,000 Hackney residents, council employees and more, and some of the system's backups were deleted after the crooks broke into a server using an insecure password on a dormant account.

Among the conclusions made by the ICO following an investigation into the 2020 attack, it said Hackney Council had failed to properly implement a patch management system and change an insecure password on a dormant account which was ultimately used to initially gain access to its servers.

A spokesperson for the council said today: "While we welcome the ICO completing its investigation, we maintain that the Council has not breached its security obligations. We consider that the ICO has misunderstood the facts and misapplied the law with respect to the issues in question, and has mischaracterized and exaggerated the risk to residents' data."

"We deeply regret the impact that this senseless criminal attack had on Hackney residents and businesses, and I am grateful to council staff who continued delivering for our communities despite the challenges, and to our residents for their patience while services were impacted."

The ICO said 9,605 files were stolen by the criminals and these contained data such as race and ethnicity, religious beliefs, sexual orientation, health data, economic data, criminal offense data, and the usual personal information that's often included in data breaches: names, addresses, etc.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/17/londons_hackney_council_accuses_the/