Election staff’ knowledge stolen in cyber breach of Oxford Metropolis Council
Oxford Metropolis Council election staff from 2001 to 2022 had private data accessed by hackers in an assault over the weekend of seven to eight June.
The council has issued a assertion disclosing that the hackers had been capable of entry some historic knowledge on what it known as “legacy programs”.
Its assertion stated an “unauthorised presence was detected inside our community [on 7-8 June]. Our automated safety programs kicked in, eliminated the presence and minimised the entry the attackers needed to our programs and databases.
“We then quickly deployed exterior cyber safety specialists to help us and proactively took down every of the council’s important programs to hold out full safety checks and examine the incident,” it stated.
The council added that some disruption had been induced to a few of its providers due to the measures it needed to take, taking down every of its important programs. That work was carried out by what it described as “exterior cyber safety specialists”.
Investigation into the incident is ongoing, confirmed the council, because it continues to “establish as exactly as we will what was accessed and what, if something, may need been taken out of our programs. There is no such thing as a proof of a mass obtain or extraction of knowledge.
“We’ve got already taken motion to stop any additional unauthorised entry to our programs, and we’ve got reported the incident to the related authorities authorities and regulation enforcement companies,” it added.
Native authorities has been an everyday goal for cyber attackers in recent times. In January 2024, three native authorities in Kent – Canterbury Metropolis Council, Dover District Council and Thanet District Council – all fell prey to assaults that took a number of citizen-facing programs offline. The Nationwide Cyber Safety Centre labored with all three on the time to assist reply and remediate.
In October 2024, native authorities our bodies have been invited to benefit from an NCSC-derived Cyber Evaluation Framework (CAF) by the Ministry of Housing, Communities and Native Authorities (MHCLG).
On the time, Ben Cheetham, deputy director of digital at MHCLG, stated the launch of the CAF represented a brand new focus for the division by way of cyber resilience.
“Thus far, MHCLG’s cyber help for councils has centered on remediating severe vulnerabilities to assist enhance the sector’s resilience to malware and ransomware,” he stated.
“With the evolving cyber risk, it’s now time to show our consideration to how we help councils to strengthen their cyber resilience for years to come back.
“The CAF for native authorities helps organisations assess and enhance their cyber safety via a risk-based and holistic strategy,” stated Cheetham. “This requires collaboration throughout the organisation, breaking down perceptions that cyber safety is solely an IT subject.”
Phrases of reassurance
At current, Oxford Metropolis Council is stressing its restoration from the incident, along with phrases of reassurance to these whose private data has been uncovered to the attackers.
“We’re happy to say that the majority of our programs are actually safely up and working once more, and the remaining programs must be again on-line this week,” it stated, in a press release dated 19 June.
“We perceive that folks might be involved, and at this time we’ve got individually contacted individuals probably affected to elucidate what occurred, what help is accessible, and the steps we’re taking to make sure one thing like this doesn’t occur once more.”
