When a breach goes from 25 documents to 1.3 terabytes…
- by nlqip
Ouch.
On 7 March 2024, the UK’s Leicester City Council had its systems disrupted by a devastating cyber attack, forcing it to shut down its IT systems and phone lines.
Among those affected were care home workers and the homeless.
By the end of March, the council was “not yet able to say” if any data had been breached during the attack.
But on Wednesday April 3, Leicester City Council confirmed that about 25 documents had been shared online by attackers, including people’s confidential information.
Nasty stuff. And the council described the data breach as a “very serious matter.”
Well, yes, it is serious if malicious hackers steal 25 documents.
But now we know that Leicester City Council’s attackers didn’t limit themselves to 25 documents. The latest FAQ from the council reveals that a gobsmacking 1.3 terabytes of data was stolen during the data breach and published on the dark web.
What has happened and what has the council done to manage the incident?
Following the cyber incident on 7 March 2024, the ransomware group responsible has published approximately 1.3 terabytes of data.
We appreciate that this may be worrying and so we have created the following FAQs.
What kind of information has been stolen?
We are reviewing the data that has been published, the previous data release consisted of documents including rent statements, applications to purchase council housing and documents related to this such as passport details.
Due to the amount of data that has now been published we cannot contact everybody who is affected. We are reviewing the data and will be prioritising the people at highest risk.
And Leicester City Council can’t rule out the possibility that yet more data might be leaked in the future.
If 25 documents stolen is “very serious,” I’m not sure the words exist to describe 1.3 terabytes of leaked data…
Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.
Source link
lol
Ouch. On 7 March 2024, the UK’s Leicester City Council had its systems disrupted by a devastating cyber attack, forcing it to shut down its IT systems and phone lines. Among those affected were care home workers and the homeless. Sign up to our free newsletter.Security news, advice, and tips. By the end of March,…
Recent Posts
- Bob Sullivan Discovers a Scam That Strikes Twice
- A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- Xerox To Buy Lexmark For $1.5B In Blockbuster Print Deal
- Vulnerability Summary for the Week of December 16, 2024 | CISA