Ransomware gang did steal residents' confidential data, UK city council admits

Leicester City Council is finally admitting its "cyber incident" was carried out by a ransomware gang and that data was stolen, hours after the criminals forced its hand. The attack began nearly a month ago on March 7 and since then, the English city council has continually refused to say whether ransomware was involved or if …

  1. Anonymous Coward

    Well, they might be able to get away with burying a king under a car park for a few hundred years, but this was always going to come out in the open fairly quickly.....

  2. m4r35n357 Silver badge

    I am beginning to think . . .

    that the Internet is _entirely unfit_ for the purpose of storing _any_ personal information, full stop.

    1. DJV Silver badge

      Re: I am beginning to think . . .

      It's about time that these people start to understand that air-gapping confidential data might be a good idea.

    2. Recluse

      Re: I am beginning to think . . .

      I’ve long ago reached that conclusion … I won’t even apply for my bus pass entitlement on the basis I don't trust the council idiots to safely secure my identification data and photograph.

      Now if I could just get the DVLA to delete my driving licence photo … Oh forgot about the idiots at HMRC & NHS and the Electoral Commission (but as to the latter, I seem to recall it's already all gone to some foreign entity with them having been hacked)

      My personal data is very important to me, but only post hacking, does security become top priority to these numpties (or was that posterior/bonus covering?)

      Horse, door, stable, bolts, shut, methinks

      God help us all if they introduce a mandatory biometric national ID card

  3. elsergiovolador Silver badge

    Storage

    That's why we need government to store all the data about us they possibly can. This way when the foxy data thieves enter the hen house they will be overwhelmed by the sheer amount of data, they won't be able to download anything meaningful before the coppers read a headline in a local newspaper that there is an ongoing data thievery, try to ignore it and then under pressure from the public reluctantly come assess the situation. At which point thieves realise they ran out of space and only managed to download 20 years' worth of heartbeat rate at 0.001s resolution of one citizen.

    1. The Dogs Meevonks Silver badge

      Re: Storage

      I was going to suggest that for every snippet of 'real' info about people, any company that stores your data is required to store 100x as much fake data. In the hope that this might make these companies rethink their delusion/craving that everyone's privacy and information is their entitled right.

      1. Alan Brown Silver badge

        Re: Storage

        This has long been the advice for encryption - once you start using it, encrypt EVERYTHING (including the laundry lists) and add a lot of random cruft so that attackers are drinking from a firehose

  4. abend0c4 Silver badge

    Sword, meet Damocles

    In the original article, El Reg quoted Eerke Boiten, professor of cybersecurity at De Montfort University Leicester as saying, relating to "anything where personal circumstances get dealt with", that:

    "...you would expect that such data has extra protection on it so that an attack that hits the main systems doesn't automatically get into the sensitive databases that have extra levels of protection", adding "...Leicester City Council has a good reputation for information governance, so I have some faith that the damage done in terms of sensitive data will be quite limited."

    In retrospect, that statement seems quite a hostage to fortune and not entirely the help to the council that was apparently intended.

  5. Anonymous Coward

    One has to wonder why they are storing scans of documents they only need to use for verification of identity, once seen and confirmed why the hell are they stored?

    1. IGotOut Silver badge

      "once seen and confirmed why the hell are they stored?"

      That's an easy one to answer.

      Look up "Windrush Scandal"

  6. Snowy Silver badge
    Flame

    The leaked files include scans of residents' identification documents such as passports and driving licenses, bank statements, and various official council forms for matters regarding rent, social housing, and more.

    Once the documents have been used to prove identification why are they kept? If they must be kept why are they kept online?

  7. Doctor Syntax Silver badge

    "and have also notified the Information Commissioner"

    When? When they were supposed to within the prescribed time limit or when they could no longer hide it?

  8. Tron Silver badge

    I may be repeating myself.

    quote: scans of residents' identification documents such as passports and driving licenses, bank statements.

    Muppets. This sort of stuff should never be held on a system connected to the internet. You have your internet connected system and you have your internal system. Two colour-coded terminals on each desk if you want to keep it really simple. A carbon based life-form air gaps this. Nothing fancy but it works. Systems are too complicated and adequate skills too expensive and too rare for internet connected systems to ever be secure enough. So you keep your private stuff on a system that can never be accessed online. Your net connected systems, if they are hacked, should be rigged to be easily flushed and restored with minimal ephemeral losses.

    I would point out that there is a fair few quid to be had developing and setting up properly air-gapped systems.

    We can repeat this ad infinitum, but change in local government is from slow to generational. So expect many more such events.

  9. Tim 49

    Regional Misrepresentation

    Please write 100 lines:

    "This is an article featuring a place in England. In the UK, the correct spelling of centers is centres. We also spell license licence when it's a noun."

    Thank you.

    1. Anonymous Coward

      Re: Regional Misrepresentation

      And neighbourhood!

      1. Tim 49

        Re: Regional Misrepresentation

        Aargh. My assimilation must have begun. I missed that one.

  10. Anonymous Coward

    As I said the last time... The good old UK Public Sector

    "The natural home of incompetent IT staff who can't get a proper job in IT and senior council manglers on huge salaries who couldn't organise a day out for alcoholics in a brewery where the bottles are already open."

    And of course have IT security courtesy of Stevie Wonder.

  11. Stuart Elliott
    FAIL

    I really hope he didn't spell it APOLOGIZE
