Gloucester cyberattack: six months since Russian hackers brought the city council to its knees

The lives of many people in Gloucester were turned upside down in December when city services were disrupted by a major cyberattack. Benefit payments, planning applications, house sales have all been delayed after hackers compromised Gloucester City Council’s computer systems.

Six months later, the council is still a long way from bringing all of its services back to normal. On December 20, council officials became aware that their systems were compromised. Malware, that is, software specifically designed to disrupt, damage, or gain unauthorized access to a computer, had entered their systems.

The malware is believed to have entered via an email sent by a third party to a council officer and has since been linked by insiders to hackers operating from Russia. However, council leaders have so far refused to officially confirm this, citing that the cyberattack is under criminal investigation.

READ MORE: Red tape nightmare will lead to an explosion in gull populations in Gloucester

The cyberattack would have encrypted large parts of the council’s files and restricted access to them and they had to rebuild all of their computer servers. In the first weeks and months after the hack was identified, other local authorities and government agencies blocked emails from the city council as a precaution.

Until recently, the council could not process the land charge searches that house buyers needed to make a purchase. People who have tried to move in the past six months say they were left in a “total void” and some risked having their mortgage offers cancelled.

The council has set aside £630,000 to fund the recovery work, but opposition councilors fear the total cost could be in the millions. They criticized the council’s lack of insurance to cover cyberattacks.

And one of the big unanswered questions from council leaders is whether or not people’s personal information has been accessed by hackers. The council was fined £100,000 after 30,000 emails were downloaded by hacking group Anonymous in 2014.

Liberal Democrat group leader Jeremy Hilton (LD, Kingshom and Wotton) said he was very concerned that the council had not ruled out the possibility that personal information had been compromised.

“I am concerned about the time it took to recover our systems, it is far too long. I am concerned about the potential cost to the taxpayer and the big unanswered question is whether personal data has been compromised. We were never guaranteed that was not the case.”

NO MORE NEWS: The trail is changing the backlog so much that ‘people are dying waiting’ for cases to be settled in Gloucestershire

Labor leader Terry Pullen (L, Moreland) echoes those concerns. He asked if any personal data was compromised in January, but he has yet to receive any assurances.

He said the cyber attack had a major impact on services and there were not many people in Gloucester who had not been affected by the loss of services. “Very slowly things are getting back to normal, but nobody expected it to take six months and there is still a long way to go,” said Cllr Pullen.

“There are still many questions that remain unanswered but I am particularly concerned that no one on the council can say what the final cost will be and who will pay. One can only assume that taxpayers will foot the bill.

“Even more concerning than that, in January I asked the Performance and Resources Cabinet Member to find out if people’s personal information had been compromised. I did not receive a conclusive response at that time and I have never received insurance since.

‘There aren’t many people in Gloucester who don’t share personal information with the council in one way or another, whether it’s paying council tax, sharing data for elections or by receiving benefits of any kind. People have a right to know if there has been a breach of their personal information and the board has a responsibility to inform them.”

No insurance against cyberattacks

Gloucester City Council has set aside £630,000 to fund the recovery of its IT systems

Leaders of Gloucester City Council confirmed earlier this year that the authority was not secure against cyberattacks earlier this year. They decided not to insure after receiving advice from insurance brokers and auditors.

However, since the incident the council’s chief executive, Jon McGinty, has discussed with the Local Government Association and insurers ways to improve the products offered to the insurance market for the councils. He has been invited to join a meeting with Zurich and the LGA on June 17 to share lessons learned from the Gloucester incident for the benefit of the wider industry.

Speaking to Cabinet on June 14, Cllr Hilton said Gloucestershire County Council had been insured for cyber recovery for a number of years. He said: “The current policy requires a number of conditions to meet any possible claim and there is a deductible of £50,000.

“I just wonder that given the fact that we have set aside £630,000 for recovery, if we had insurance we might not have had to set aside so much money. But also, I wonder if having insurance policies requiring certain security within the systems would make us less vulnerable to a cyberattack.

Council leader Richard Cook (C, Kingsway) said County Council policy would not have covered the costs the council incurred to rebuild its systems.

“We would still have incurred the same type of costs even if we had the same policy. However, the Managing Director is considering a self-insurance scheme through the LGA and this may be a better way to insure ourselves for the future.

Online planning services still affected

Newly built homes on a housing estate.
The council’s online planning portal has yet to be restored.

Since the cyberattack, people have been unable to access the council’s planning portal online. This means people have had to resubmit their objections to planning applications and historical plans are not accessible.

Council leader Cook said the system was close to being restored, but could not give a specific date for when it will be restored. Cllr Hilton asked if everything would be up and running by July 30 as he understood the systems had been rebuilt but were undergoing final testing.

He said: “Six months is really too long to decommission the system. We know that caused problems. You cannot read objections made by other people on a particular scheduling app. We can’t go back to see the history of a plan and things like the Hill Farm app got delayed and now we have an appeal against us because we were able to figure that out due to the cyberattack.

“And those of us who objected to the original request had to send the objections to the planning request to the inspector. It’s really important to get the planning portal up and running as soon as possible.

Cllr Cook apologized to everyone involved and said officers were working to get the system online as soon as possible. He said the Hackney Council suffered a cyberattack in October 2020 and still had not recovered all of its systems.

“They are still working on it. I know our agents are working on it as fast as they can. It depends on the quality of the tests. I can’t do dates because I can’t read the future.”

Electoral register issues

The cyberattack also affected the council's electoral register
The cyberattack also affected the council’s electoral register

Cllr Hilton also raised concerns last week about the impact of the cyberattack on the voter roll. He said a resident contacted him about registering to vote on the electoral register and the problems the council was having due to the cyberattack.

“He is particularly worried because he moved in in February and cannot register on the electoral lists. We have to fix this as soon as possible. »

He asked if the board kept hard copies of all signed forms submitted by people registering for a mail-in vote. Cllr Hilton asked, “Surely we kept all the signed forms so we could check if there was a by-election or a snap general election?”

Chief executive Jon McGinty said the board plans to write to all registered postal voters on the matter. “We don’t keep hard copies beyond a certain date. We destroy them once the details have been scanned,” he said.

“All signatures and documents are scanned into our voter registration system and then we destroy the paper originals for very reasonable data protection reasons. When people vote by mail in an election.

“There is software that compares the signature to those stored in the system images. There will be a few thousand paper documents from recent applications, but that’s a very small proportion of the total number of mail-in ballot registrations. With most of them, the original documents have been destroyed.

Previous CERT-In issues threat alerts for Adobe, Microsoft and others
Next Here's How to Stay Debt Free After Credit Card Consolidation