After months of chaos which saw data fall into the hands of cyber criminals from Russia who hacked into Gloucester City Council, the authority will “just get a slap on the wrist”. The authority was targeted by hackers in late 2021 and public services across Gloucester were severely disrupted during the following year.
The now disbanded group of Russian cyber criminals compromised the council’s systems by using a “very sophisticated” spear phishing attack. Council officers became aware their systems had been compromised on December 20 that year and ransomware, a malicious computer programme, had encrypted their files.
The authority has since had to rebuild all of its computer servers as it battled to set up workarounds to continue to deliver services. The total cost of the attack now stands at £849,452.48 and last month they revealed that the hackers may have accessed personal data, civic chiefs have officially confirmed.
READ MORE: Gloucester residents endure postal delays as civic chiefs are ‘ignored’ by Royal Mail
However, despite this major breach councillors have been told the authority will not be fined by the Information Commissioner’s Office. Councillor Tree Chambers-Dubus (L, Moreland) asked a last night’s (July 13) full council meeting: “Is the reprimand effectively just a slap on the wrist?”
Performance and resources cabinet member Hannah Norman (C, Quedgeley Fieldcourt) told those present at North Warehouse that the reprimand is one of the actions the ICO can take in an incident such as Gloucester’s. “What that basically means is a statement will be put on their website which says Gloucester CIty Council, in their eyes, needs to be reprimanded for what happened back in December 2021,” she said.
“The indication at this stage is that there is no intention to fine the authority.” She said it was “quite eye opening” to see on their website the other organisations that have been reprimanded which include police forces, major insurers and large corporate and government entities.