In March 2024, Leicester City Council was hit by a cyber-attack by INC Ransom, a ransomware group known for targeting several educational and health organisations around the world.
The attack, compromising the sensitive information held by the council, forced them to shut down their IT systems. The breach resulted in weeks of disruption, with Leicester City Council severely impacted. For example, they were unable to switch off streetlights because the hackers prevented them from accessing the required systems.
What data has been breached?
Initially, only 25 sensitive documents were believed to have been exposed by INC Ransom, who claimed responsibility for the attack and posted proof online. However, it’s since been confirmed that they accessed at least 1.3 terabytes worth of sensitive data. The hackers’ first release of data included documents such as rent statements, social housing purchasing applications and passport details.
Leicester City Council are now reviewing their records to clarify what data has been stolen and have notified the Information Commissioner’s Office (ICO) of their actions.
Once Barings Law has more information about what data has been exposed, we will provide updates.
How do I know if I have been affected by the data breach?
Leicester City Council are reviewing the released data, and will contact directly those they consider to be high risk.
Due to the amount of data published, the council cannot contact everyone affected. As a criminal investigation is currently under way, they are also unable to release any more details under the Freedom of Information Act 2000.
The information is currently exempt from release under Section 31(1) – Law Enforcement. Releasing any information relating to the investigation at this time could prejudice the investigators’ ability to apprehend the offenders. Once the investigation has concluded, we anticipate that Leicester City Council will continue to contact those who have been affected.
What are my rights if I have been affected?
Individuals who have been affected by a data breach may have grounds to claim for compensation. However, at present the council is working with Leicestershire Police and the National Cyber Security Centre as part of an ongoing investigation. As a result, only those deemed to be most at risk will receive notification from the council that they have been affected.
Once the investigation has concluded, we expect that more information will be released, and more affected people will be notified. Barings Law’s legal teams will continue to monitor the situation closely.
At Barings Law, your legal concerns are our top priority. Whether you need guidance on a complex legal matter or have questions about our services, our team is ready to assist you.
Copyright © 2024 Barings Law.
All rights reserved.
