NI council targeted in cyber attack - fears personal data may have been stolen
Ards and North Down Borough Council has recently been the target of an unlawful ‘phishing attack’ from an external source, Chief Executive Stephen Reid revealed recently on the council website.
Phishing is a method of trying to gather personal information using deceptive e-mails and websites.
Some emails from a single account were illegally forwarded by an unknown external source, and may have exposed the personal data of the council’s customers/partners to a potential unauthorised use by an external party.
Chief Executive Stephen Reid said the council had notified the Information Commissioner’s Office about the incident and said “they remain entirely content with our approach”.
He said: “While the number of people potentially impacted is small, we do not underestimate the concern this will cause them. We have taken several important steps in response, having sought professional advice.”
He added: “We can confirm that the relevant account is no longer compromised, the unlawful attack having been identified and removed. We are working strenuously to ensure that we can minimise the impact of any attack in the future.
“The council has not been contacted in any way by the perpetrator(s), nor has it been asked for any financial payment at all. We are unaware of their motives in attacking the council’s systems.”
He said: “Anyone that the investigation deems appropriate to contact will receive further information directly from the council. Unless you are contacted directly by the council there is no further cause for concern.
“Unfortunately, these acts are now very common – in 2019 around 33% of all UK public sector organisations reported being targeted by some form of cyber-attack. We will do all that we reasonably can to minimise the impact of any potential further attacks.”
He added: “The council takes the safety and security of our systems and of our customers’ and partners’ information very seriously. We will continue to work through the challenges presented by cyber-attacks of this nature carefully and thoroughly.”