Well, they might be able to get away with burying a king under a car park for a few hundred years, but this was always going to come out in the open fairly quickly.....
Ransomware gang did steal residents' confidential data, UK city council admits
Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand. The attack began nearly a month ago on March 7 and since then, the English city council has continually refused to say whether ransomware was involved or if …
COMMENTS
-
-
Thursday 4th April 2024 15:31 GMT Recluse
Re: I am beginning to think . . .
I’ve long ago reached that conclusion … I won’t even apply for my bus pass entitlement on the basis I don't trust the council idiots to safely secure my identification data and photograph.
Now if I could just get the DVLA. to delete my driving licence photo … Oh forgot about the idiots at HMRC & NHS and the Electoral Commission (but as to the latter, I seem to recall its already all gone to some foreign entity with them having been hacked)
My personal data is very important to me, but only post hacking, does security become top priority to these numpties (or was that posterior/bonus covering?)
Horse, door, stable, bolts, shut, me thinks
God help us all if they introduce a mandatory biometric national ID card
-
Thursday 4th April 2024 11:30 GMT elsergiovolador
Storage
That's why we need government to store all the data about us they possibly can. This way when the foxy data thieves enter the hen house they will be overwhelmed by sheer amount of data, they won't be able to download anything meaningful before the coppers read a headline in a local newspaper that there is an ongoing data thievery, try to ignore it and then under pressure from the public reluctantly come assess the situation. At which point thieves realise they ran out of space and only managed to download 20 years worth of heartbeat rate at 0.001s resolution of one citizen.
-
Friday 5th April 2024 09:38 GMT The Dogs Meevonks
Re: Storage
I was going to suggest that for every snippet of 'real' info about people, any company that stores your data is required to store 100x as much fake data. In the hope that this might make these companies rethink their delusion/craving that everyone's privacy and information is their entitled right.
-
-
Thursday 4th April 2024 11:56 GMT abend0c4
Sword, meet Damocles
In the original article, El Reg quoted Eerke Boiten, professor of cybersecurity at De Montfort University Leicester as saying, relating to "anything where personal circumstances get dealt with", that:
...you would expect that such data has extra protection on it so that an attack that hits the main systems doesn't automatically get into the sensitive databases that have extra levels of protection, adding ...Leicester City Council has a good reputation for information governance, so I have some faith that the damage done in terms of sensitive data will be quite limited.
In retrospect, that statement seems quite a hostage to fortune and not entirely the help to the council that was apparently intended.
-
Thursday 4th April 2024 14:46 GMT Snowy
The leaked files include scans of residents' identification documents such as passports and driving licenses, bank statements, and various official council forms for matters regarding rent, social housing, and more.
Once the documents have been used to prove identification why are the kept. If they must be kept why are they kept online?
-
-
Thursday 4th April 2024 21:16 GMT Tron
I may be repeating myself.
quote: scans of residents' identification documents such as passports and driving licenses, bank statements.
Muppets. This sort of stuff should never be held on a system connected to the internet. You have your internet connected system and you have your internal system. Two colour-coded terminals on each desk if you want to keep it really simple. A carbon based life-form air gaps this. Nothing fancy but it works. Systems are too complicated and adequate skills too expensive and too rare for internet connected systems to ever be secure enough. So you keep your private stuff on a system that can never be accessed online. Your net connected systems, if they are hacked, should be rigged to be easily flushed and restored with minimal ephemeral losses.
I would point out that there is a fair few quid to be had developing and setting up properly air-gapped systems.
We can repeat this ad infinitum, but change in local government is from slow to generational. So expect many more such events.
-
Friday 5th April 2024 12:40 GMT Anonymous Coward
As I said the last time... The good old UK Public Sector
"The natural home of incompetent IT staff who can't get a proper job in IT and senior council manglers on huge salaries who couldnt organise a day out for alcoholics in a brewery where the bottles are already open."
And of course have IT security courtesy of Stevie Wonder.