Ouch.
On 7 March 2024, the UK’s Leicester City Council had its systems disrupted by a devastating cyber attack, forcing it to shut down its IT systems and phone lines.
Among those affected were care home workers and the homeless.
By the end of March, the council was “not yet able to say” if any data had been breached during the attack.
But on Wednesday April 3, Leicester City Council confirmed that about 25 documents had been shared online by attackers, including people’s confidential information.
Nasty stuff. And the council described the data breach as a “very serious matter.”
Well, yes, it is serious if malicious hackers steal 25 documents.
But now we know that Leicester City Council’s attackers didn’t limit themselves to 25 documents. The latest FAQ from the council reveals that a gobsmacking 1.3 terabytes of data was stolen during the data breach and published on the dark web.
Part of Leicester City council’s FAQ on the data breach
What has happened and what has the council done to manage the incident?
Following the cyber incident on 7 March 2024, the ransomware group responsible has published approximately 1.3 terabytes of data.
We appreciate that this may be worrying and so we have created the following FAQs.
What kind of information has been stolen?
We are reviewing the data that has been published, the previous data release consisted of documents including rent statements, applications to purchase council housing and documents related to this such as passport details.
Due to the amount of data that has now been published we cannot contact everybody who is affected. We are reviewing the data and will be prioritising the people at highest risk.
And Leicester City Council can’t rule out the possibility that yet more data might be leaked in the future.
If 25 documents stolen is “very serious,” I’m not sure the words exist to describe 1.3 terabytes of leaked data…