ICO informed of council email hack

The government’s information watchdog is investigating a cyber attack on City of Edinburgh Council which saw hackers steal 13,000 customer email addresses.

The council said last week that it has informed the ICO about the breach, which led to the council resetting all affected accounts.

A statement from the council said that no council services were affected and no other personal data was taken during the attack which took place on 26 June.

A spokesman said: “”We are contacting everyone who has been affected to inform them of the incident and offer them advice and support.

“The Information Commissioner’s Office has been informed and preventative measures have been taken by the web service providers.

“We want to reassure the public the ongoing security of our website is critically important, and we continue to work with our service providers to ensure that the risks associated with attacks are dealt with.”

In a blog post, professor Bill Buchanan of Edinburgh Napier University said: “At a first look, the hack involving City of Edinburgh Council reported earlier this week doesn’t look too serious as there does not seem to be any passwords involved. All that has been revealed is email addresses, which can often be gained from other sources.

“The only threat would be in spear phishing of users with council-related emails, but the users involved probably will be wary of any emails sent from the council anyway.”

But he said that the public sector was struggling to keep up with the pace of increasing ICT integration and properly supporting it.

In 2011, the financial details of people who came to the council for debt advice were exposed.

Colin Marrs

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our newsletter