William Eichler 12 June 2017

Council fined £100,000 after hackers stole sensitive information

A council has been fined £100,000 after being accused of failing to repair a ‘vulnerability’ in the authority’s software which allowed hackers to access sensitive information.

The Information Commissioner’s Office (ICO) issued Gloucester City Council with the fine after a cyber attacker accessed council employees’ sensitive personal information.

The council said they were ‘disappointed’ by the decision which they would appeal.

The attacker took advantage of a weakness in the council’s website in July 2014, which led to over 30,000 emails being downloaded from council mailboxes.

The messages contained financial and sensitive information about council staff.

According to the ICO, the attacker — someone claiming to be part of the hacking group Anonymous — exploited the much publicised ‘Heartbleed’ software flaw. 

The council’s failure to fix this vulnerability left personal information at risk and broke data protection law, said the ICO.  

‘This was a serious oversight on the part of Gloucester City Council. The attack happened when the organisation was outsourcing their IT systems,’ Sally Anne Poole, group enforcement manager at the ICO.

‘A lack of oversight of this outsourcing, along with inadequate security measures on sensitive emails, left them vulnerable to an attack.’

The ICO investigation found that the council did not have sufficient processes in place to ensure its systems had been updated while changes to suppliers were made.

Responding to the ICO’s decision, Jon McGinty, managing director of Gloucester City Council, said: ‘The council is very disappointed with this decision by the Information Commissioner, and is considering its position whether to appeal.

‘The council takes the security of its data very seriously and remains of the view that it did take swift and reasonable steps in 2014 to prevent a data breach as soon as it was alerted to the existence of this hacking vulnerability and the availability of a security patch.

‘The Heartbleed vulnerability was a threat to businesses for some time before a patch was issued by software providers.’  

‘There is insufficient evidence to show that the hacking event took place after the council became aware of the existence of the potential vulnerability,’ he continued.

‘The council believes that the penalty issued by the ICO  will have a serious and detrimental impact on its finances, and the services that we will be able to provide to the residents of Gloucester in the future.

‘The council has invested more than £1m over the past 3 years to further improve its IT security and remains vigilant to the threats that all businesses face on a daily basis.  

‘The council did account for the risk of this potential fine in its accounts for 2016-17 but nevertheless its payment will only result in money being taken away from the people of Gloucester and given to Treasury.’

SIGN UP
For your free daily news bulletin
Highways jobs

Chief Executive

Glasgow City Council
c. £200k
Glasgow is a city with a proud heritage, that is ambitious for the future. Glasgow, Glasgow City
Recuriter: Glasgow City Council

Social Worker

Wakefield Council
£33,024.00 to £35,745.00, grade 8
Social Care Direct has an exciting opportunity for a Level 1 Social Worker to join our friendly team. Wakefield, West Yorkshire
Recuriter: Wakefield Council

Woodworking Tutor, Part Time, Term Time - Basildon

Essex County Council
Up to £28432 per annum + pro rata
Woodworking Tutor, Part Time, Term Time - BasildonPermanent, Part TimeUp to £28,432 per annum, pro rataLocation
Recuriter: Essex County Council

Senior Property Surveyor RBKC614550

The Royal Borough of Kensington & Chelsea Council
£64,929 - £74,220 per annum
At RBKC, we are committed to changing for the better and we are determined to put our residents at the heart of every decision. Kensington and Chelsea, London (Greater)
Recuriter: The Royal Borough of Kensington & Chelsea Council

Library and Neighbourhood Hubs Representative x 2

Rotherham Metropolitan Borough Council
£23,500 - £23,893 pro rata
We are currently seeking to recruit a highly motivated individual with a passion for delivering the very best customer service. Rotherham, South Yorkshire
Recuriter: Rotherham Metropolitan Borough Council
Linkedin Banner

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.