Violation of the law and a grant from the state – the price of a ransomware attack on a city in England

Brother

Inadequate protection of the council's systems led to a leak of residents' personal data.

The city of Gloucester in the south-west of England, United Kingdom, is facing a cost of more than £1.1 million ($1.39 million) to recover from a ransomware attack that occurred in December 2021. The cost figures were disclosed as part of the agenda of a city council meeting.

The meeting was prompted by a warning the council received from the Information Commissioner's Office (ICO) for failing to take sufficient measures to prevent the incident. The attack led to the leakage of personal data belonging to residents and members of the public.

An investigation found that the attack began with a phishing email. Significant sums were then spent on hiring security specialists, purchasing the necessary software, replacing critical equipment, and migrating all IT systems to cloud hosting. Of the total expenditure, £250,000 ($315,000) was covered by a government grant.

The ICO highlighted several key shortcomings in the council's security posture, including the absence of a Security Information and Event Management (SIEM) system and the inability to prevent attackers from tampering with system logs. The tampering destroyed important evidence, which complicated both the investigation and the remediation of the incident.

Although backups were available, the council's decision to fully rebuild its systems significantly delayed the restoration of access to personal data. The ICO also expressed concern about the council's inability to quickly restore that access and to identify the individuals whose data was at risk.

The council's failings were found to be violations of the UK General Data Protection Regulation (UK GDPR), which could in theory lead to a fine of up to 4% of an organisation's global annual turnover. However, the ICO issued only a warning, taking into account the availability of backups and the fact that the attack originated from an email sent by a third party.
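The ICO's finding that the council could not stop attackers from tampering with system logs is the most actionable technical point in the story: once an intruder has local admin rights, an unprotected log file is just another file to edit. The usual answer is to ship events to a collector or SIEM as they happen and to make the local copy tamper-evident. The following is an added example, not code from the article or from Gloucester City Council, showing one way to do the second part: each log record carries an HMAC computed over the record and the previous record's MAC, so deleting, editing or reordering any entry breaks verification, and the collector's last-seen head MAC exposes truncation. The key name, the event schema and all log lines are constructed assumptions for illustration.

```python
import hashlib
import hmac
import json

# Assumption (not from the article): the MAC key is held by the central
# collector/SIEM, not by the host writing the log. An attacker with root on the
# host can edit the file but cannot mint valid MACs for the edited records.
COLLECTOR_KEY = b"example-collector-key-do-not-reuse"
GENESIS = "genesis"


def _mac(prev_mac, event):
    """HMAC-SHA256 over the previous MAC and a canonical JSON form of the event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(COLLECTOR_KEY, f"{prev_mac}|{body}".encode(), hashlib.sha256).hexdigest()


def append(chain, event):
    """Append an event, chaining its MAC to the previous record's MAC."""
    prev = chain[-1]["mac"] if chain else GENESIS
    chain.append({"event": event, "prev": prev, "mac": _mac(prev, event)})
    return chain


def verify(chain, expected_head=None):
    """Recompute every MAC in order.

    Returns (True, None) if the chain is intact. Otherwise returns (False, i)
    where i is the first record that fails, or len(chain) when every record
    checks out but the final MAC differs from the head the collector last saw,
    which means records were removed from the end (truncation).
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or not hmac.compare_digest(_mac(prev, rec["event"]), rec["mac"]):
            return False, i
        prev = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(chain)
    return True, None


# Constructed sample events sketching a phishing-led intrusion; not real logs.
SAMPLE_EVENTS = [
    {"ts": "2021-12-20T09:12:03Z", "host": "ws-finance-07", "type": "mail.attachment_opened",
     "user": "jdoe", "file": "invoice.docm"},
    {"ts": "2021-12-20T09:12:09Z", "host": "ws-finance-07", "type": "process.start",
     "parent": "WINWORD.EXE", "image": "powershell.exe", "cmdline": "-nop -w hidden"},
    {"ts": "2021-12-20T09:12:11Z", "host": "ws-finance-07", "type": "net.connect",
     "dst": "203.0.113.45:443", "image": "powershell.exe"},
    {"ts": "2021-12-21T02:40:17Z", "host": "fs-01", "type": "file.write",
     "user": "jdoe", "path": "\\\\fs-01\\shared\\README_TO_RESTORE.txt"},
]


def build_sample_chain():
    chain = []
    for ev in SAMPLE_EVENTS:
        append(chain, ev)
    return chain


def delete_record(chain, index):
    """Simulate an attacker removing one record from the on-disk log."""
    return chain[:index] + chain[index + 1:]


def alter_record(chain, index, **changes):
    """Simulate an attacker editing fields of one record in place."""
    out = [dict(r) for r in chain]
    out[index] = dict(out[index], event=dict(out[index]["event"], **changes))
    return out


if __name__ == "__main__":
    chain = build_sample_chain()
    head = chain[-1]["mac"]          # what the collector would have recorded
    print("intact:", verify(chain, expected_head=head))
    print("record 1 deleted:", verify(delete_record(chain, 1)))
    print("record 0 edited:", verify(alter_record(chain, 0, user="svc-backup")))
    print("last record truncated:", verify(chain[:-1], expected_head=head))
```

The local chain on its own cannot detect removal of the newest records, which is exactly what an intruder who has just landed would do; that is why `verify` accepts the collector's last-seen head and why the key must not live on the logging host. In practice the collector role is played by the SIEM the ICO said was missing.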