Cyberattacks have recently attacked three Kent local authorities: Canterbury City Council, Dover District Council, and Thanet District Council. The Kentish local authorities confirmed the ongoing investigation into a cyberattack in a joint statement last week.
These cyberattacks disrupted online services, possibly affecting hundreds of thousands of citizens. The National Cyber Security Centre (NCSC) and authorities are working closely together to respond quickly to security incidents and efficiently tackle issues.
After receiving emails, officials for Canterbury (Robert Davis), Dover (Andy Steele), and Thanet (Marvia Roach) councils verified the outcome of an ongoing cyberattacks. There have been disruptions to the regular functioning of some areas of the councils’ websites due to the unknown cause of the incident.
Critical services in Canterbury, such as the planning department, online forms, and maps, have been temporarily unavailable. Meanwhile, Dover residents are having difficulty getting online forms, while Thanet is now experiencing issues with its planning department and online forms.
The councils of Canterbury and Dover released a joint statement that stated:
Our email system and website have been available throughout, although some parts of the website may not quite work as intended. We are sorry for any inconvenience people may have experienced over the past few days and will provide updates as and when we have them.
The website of Canterbury City Council currently shows that residents are unable to apply for, report difficulties, or make online payments for most facilities. Furthermore, you can’t find planning applications, leave comments on them, or use online maps for the time being.
The three councils have outsourced their HR and IT services, according to Stephen Robinson, a senior threat intelligence analyst at the cybersecurity company WithSecure. They rely on Civica, which is part of the East Kent Services collaboration, and its website is now offline.
Notably, the East Kent website is presently down, raising questions about the status of these important resources.
At these three councils, Civica, a privately held technology and solutions firm, is key to the management of vital services like debt recovery, benefit administration, revenue collection, and customer service. Civica has declined to comment on the situation in response to multiple requests.
According to Robinson:
It is very likely that this is where the incident occurred, which gives an indication of what services may have been affected and what data may have been accessed.
Civica’s move to leave the business process outsourcing (BPO) industry marks a dramatic change in direction. Since the existing contract will expire in January 2025, the councils are actively planning their course of action.
The Civica representative commented on their remarks:
We can confirm that this incident was not caused by any of our systems. We will support affected customers if requested and assist in any way we can to minimise the impact for them and the citizens they serve.
The UK government faced several difficulties because of the attack on the well-known outsourcing firm Capita last year. The extent of the damage, which affected essential services like pensions and other sensitive data, had to be carefully assessed by incident response teams.
The Parliamentary Joint Committee on the National Security Strategy exposed a serious vulnerability in ransomware security at the top layers of the UK government in a report published prior to Christmas 2023. The study emphasised that public services in the United Kingdom were largely at risk of luck.
Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.