Leicester City Council in the UK has stated that it is recovering from a cyber incident that led to the shutdown of its phone lines and IT systems on March 7. However, it has not revealed any further details.
First reported on March 11, it was stated that systems were taken down over a weekend, and council services were expected to continue being disrupted for at least two weeks.
In a blog post on the site, Richard Sword, the Strategic Director of City Development and Neighbourhood Services, warned that it will take time before all systems are fully operational again.
“The good news is that we’ve now got the all-clear to start bringing our systems back online in a safe and controlled manner, and have formally entered the recovery phase of our response to this incident,” he said on March 13.
Following last week's cyber incident, we've now got the all-clear to start slowly bringing our services back online – but it's going to be a gradual process and it's going to take time.
Read more here:https://t.co/OunHOZPaaW pic.twitter.com/jj6EAOOY6j— Leicester City Council (@Leicester_News) March 13, 2024
He later updated that “good progress” had been made, and they were now in the process of switching their systems back online, “with housing, adult & children’s social care, and revenues and benefits being prioritized for this week.
“A good majority of staff are also back on the network. We still have work to do to get all of our phone lines fully up and running.”
The council said it still could not say if there had been a data breach, and that as criminal investigations were ongoing, it was not able to comment on the nature of the incident.
A week on, there’s a FAQ on Leicester city council’s website about the cyber “incident”, a notice at the customer service centre… but little further detail on what happened and what – if any – sensitive data is at risk pic.twitter.com/V8QeJ5F317
— Tim Parker (@LeicesterTim) March 14, 2024
UK’s National Cyber Security Centre (NCSC) confirmed to ReadWrite that it was investigating the incident. An NCSC spokesperson said: “We are supporting Leicester City Council to fully understand the impact of an incident.” Leicestershire Police say they are also supporting the council.
Possible risk to services
The incident is reportedly affecting care homes, leaving uncertainty around staff pay and sparking safeguarding concerns.
Shyamal Raja, the managing director of Midlands Care, a company that operates a group of care homes in Leicester and holds a contract with the council, told the BBC that the incident would carry “wider implications” for the local social care sector.
He mentioned that the council had informed him about a potential delay in a payment amounting to hundreds of thousands of pounds due to the incident.
“We’re in a fortunate position to have cash reserves or availability of lending from the bank but there’s no real end in sight – there’s a lack of definite answers,” he said.
UK government risking ‘catastrophic ransomware attack’
In December 2023, the UK government was accused by the nation’s Joint Committee on the National Security Strategy (JCNSS) of not effectively planning to prevent a large-scale cyber attack that could “bring the country to a standstill.”
The parliamentary report was highly critical of the former Home Secretary Suella Braverman for failing to address the ransomware threat:
“We found that the Home Office’s public output on cyber security and ransomware has been almost nonexistent, and has been dwarfed by its focus on small boats and illegal migration,” the JCNSS said.
Leicester City Council has been approached for further comment.
Featured image: Canva / Colin Hoskins