St Helens Council in North West England faced has significant disruption following a targeted cyber attack, a recent report has revealed.
The council fell victim to what is believed to be a ransomware incident, leading to a compromise of key systems in August this year. Attackers were able to leverage the breach to extract and transfer data to the cloud between the 17th and 21st August.
Numerous staff members and teams were affected before responders brought the incident under control, and a “comprehensive” recovery plan is now in motion.
Extended period of recovery
The council remains in an “extended period” of recovery, with a detailed post-incident action plan aimed at restoring normal business operations.
Insights gained from the incident will be instrumental in shaping future improvements to bolster security and mitigate the risk of similar attacks, it highlights.
The findings will be presented to a forthcoming cabinet meeting, as well as commending the technical response teams for their prompt identification of the attack’s source and their effective containment efforts. The report also emphasises that the council maintained close collaboration with various stakeholders, including the Department for Levelling Up, Housing and Communities, the Information Commissioner’s Office (ICO), and the Department for Work and Pensions (DWP), throughout the response and recovery phases.
Notably, data loss was promptly reported to the ICO within the expected timeframe. Following an internal investigation, the ICO said it was satisfied with the resolution and that it doesn’t intend to pursue enforcement action.
Although there is no indication about the type of data affected, it can be assumed not to be personal data as there has been no announcement and the ICO is satisfied.
The cabinet is recommended to acknowledge the report and endorse the proposals measures outlined to fortify the council’s systems and safeguard associated data in the future.