Extortion Attack on English City: Law Violation and State Grant Impacted

Gloucester, located in Western Midland, UK, is facing significant financial costs of over £1.1 million ($1.39 million) for recovery after falling victim to a cyber attack in December 2021. The municipality disclosed the information about the costs during a meeting held in response to a warning from the Information Commissioner’s Office (ICO) regarding insufficient measures to prevent the incident. The cyber attack resulted in the leakage of personal data belonging to residents and the general public.

The investigation into the cyber attack revealed that it was caused by a phishing email. As a result, the municipality allocated significant funds towards attracting security specialists, purchasing necessary software, replacing critical equipment, and transferring all IT systems to cloud hosting. Out of the total expenses, £250,000 ($315,000) were covered by state grants.

The ICO highlighted several key shortcomings in the municipality’s actions, including the lack of information security and security management systems, such as Security Information and Event Management (SIEM). Additionally, the municipality failed to prevent attackers from tampering with system logs, leading to the loss of important evidence and complicating the investigation and mitigation of the incident.

Despite the presence of backup systems, the decision to fully restore the systems caused significant delays in restoring access to personal data. The ICO expressed concerns about the municipality’s inability to quickly regain access to personal data and identify individuals at risk of information leakage.

The actions of the municipality were found to be in violation of the General Data Protection Regulations (GDPR) of the UK, which theoretically could have resulted in a fine of up to 4% of the organization’s global turnover. However, considering the existence of backup copies and the fact that the source of the attack was an electronic letter from a third party, the ICO issued a warning instead.

/Reports, release notes, official announcements.