Ellie Ames 17 July 2024

Hackney accuses ICO of ‘exaggerating’ cyber attack risk

Hackney accuses ICO of ‘exaggerating’ cyber attack risk image
Image: Pungu x / Shutterstock.com

Hackney London Borough Council has dismissed a finding that it had breached data protection law before records were lost in a cyber attack.

The Information Commissioner’s Office (ICO) has issued the council with a reprimand after hackers accessed and encrypted 440,000 files in 2020.

The regulator said its investigation revealed a lack of proper security and processes to protect personal data at the council.

Hackers were able to access records with residents’ addresses, racial or ethnic origin, religious beliefs, sexual orientation, and health, economic and criminal offence data.

Some 9,605 records were also exfiltrated.

At least 280,000 residents were affected by the breach, and the council acknowledged that the attack ‘posed a meaningful risk of harm’ to 230 data subjects.

Deputy ICO commissioner Stephen Bonner said: ‘This was a clear and avoidable error from London Borough of Hackney – one that has resulted in a mass loss of data and has had a severely detrimental impact on many residents.’

But the council maintained that it had not breached its security obligations.

A spokesperson said: ‘We consider that the ICO has misunderstood the facts and misapplied the law with respect to the issues in question, and has mischaracterised and exaggerated the risk to residents’ data.’

However, the authority said it was not in residents’ interests to use its resources to challenge the ICO’s decision.

Devolution and putting place first image

Devolution and putting place first

The real lesson of Andy Burnham's Makerfield success, argues Dr Jonathan Carr-West, is that place – not personality – is the key to Britain's future.
SIGN UP
For your free daily news bulletin
Highways jobs

ICT Business Support & Development Officer

Essex County Council
£31284.00 - £35721.00 per annum
Essex County Council (ECC) are delighted to be supporting Braintree Council to recruit an ICT Business Support & Development Officer on a full-time b England, Essex, Braintree
Recuriter: Essex County Council

ICT Project Officer - Braintree District Council

Essex County Council
£31284.0000 - £35721.0000 per annum
Essex County Council (ECC) are delighted to be supporting Braintree Council to recruit an ICT Project Manager on a full-time basis.Please click here England, Essex, Braintree
Recuriter: Essex County Council

Corporate Director - Planning

Dorset Council
£97,966 - £126,181
Do you share our ambition for Dorset? Dorset
Recuriter: Dorset Council

Director - South London Partnership

South London Partnership
£99,084 - £116,847
South London is a place of real ambition and remarkable scale. London (South), London (Greater)
Recuriter: South London Partnership

Senior Practitioner - Emergency Duty Service

Essex County Council
£48205.0000 - £57988.0000 per annum
Senior Practitioner - Emergency Duty ServicePermanent, Full Time£48,205 to £57,988 per annumLocation
Recuriter: Essex County Council
Linkedin Banner