Edinburgh Council cyber attack, details of more than 13,000 stolen

For the second time in five years, Edinburgh City Council
has been hacked again. More than 13,000 email addresses were stolen from the
counsel’s database after a “malicious cyber attack” on 26 June.
A spokesman of the council said, “This was a malicious cyber
attack on the council’s website which is hosted in a UK data centre. It was
dealt with swiftly and at no point were any council services affected.”
“We want to reassure the public the ongoing security of our website
is critically important,” he added.
According to a news report published on Edinburgh Evening
News,
cyber security experts have warned local authorities “don’t stand a
chance” against hackers.
“The attack is believed to have taken place on Friday, June
26, with council officials alerted by its data centre provider. No details have
been released regarding the source of the attack, which targeted 
the council’s
website service provider,” the report read.
The Information Commissioner has been informed of the
incident, as has the UK government’s computer emergency response team, which
monitors incidents of hacking against the public sector.
The council is now contacting 13,134 individuals who have
had their details stolen. Similarly, the city’s director of corporate
governance, Alastair Maclean, has been asking them to change any passwords used
to access the council’s website.
Napier University cyber security expert Professor Bill
Buchanan warned that hackers would be likely to try to use the data in “phishing”
scams, which attempt to con victims out of sensitive information like bank
details and passwords using bogus e-mails.
“Data like this is worth a lot. It is really quite sloppy to
lose that information. Without a doubt, in this case, the intruders could link
e-mails to the council in some way. A targeted phishing e-mail could say, in
regards to a parking ticket, ‘You contacted us in May, please could you click
on this link and give your details. G-mail addresses in particular are quite
sensitive because they tend to be the core of your online identity. If an
intruder can get into that address, they can access every single account,”
Buchanan added.
In December 2011, the personal information of people who had
contacted the council’s debt advice service was taken, with potential victims
advised to check bank and credit card statements.

Leave a Reply