A Manchester law firm has begun assisting Leicester residents impacted by a cyber-attack, which disrupted financial support payments and other council services.
Barings Law is working to help the affected residents, which is estimated to be as many as 400,000, receive compensation after the well-known ransomware group, INC Ransom, hacked the midland council on March 7th.
When news of the cyber-attack broke in April, only 25 sensitive documents were believed to be exposed by INC Ransom, who have a track record for targeting international educational and health organisations.
However, Head of Data Breach at Barings Law, Adnan Malik, explained it has since been confirmed that INC Ransom accessed at least 1.3 terabytes worth of sensitive data.
“The hackers’ first release of data included documents such as rent statements, social housing purchasing applications and passport details.
Mr Malik
“The cyber-attack forced the council to shut down its IT systems, which affected other areas of operation, including streetlights being left on during the day.
“The sophisticated level of attack highlights the importance of adequate organisational cyber-security. Without proper measures, innocent people will continue to be placed at risk and have their information stolen.”
Drawing on its experience in dealing with data breach cases including the Ministry of Defence and Capita attacks, Barings Law is urging affected Leicester residents take action.Drawing on its experience in dealing with data breach cases including the Ministry of Defence and Capita attacks, Barings Law is urging affected Leicester residents take action.
“At present Leicester City Council is working with Leicestershire Police and the National Cyber Security Centre as part of an ongoing investigation.
Mr Malik
“As a result, only those deemed to be most at risk will receive notification from the council that they have been affected.
“Due to the amount of data published, the council cannot contact everyone affected, but once the investigation has concluded, we expect that more information will be released and more affected people will be notified.”
This hack follows a string of similar incidents at UK councils, including Central Bedfordshire Council which paid out more than £70k, Doncaster City Council which has paid out £15K since 2021 and Lancashire County Council which paid out more than £50k.
According to its revenue budget, Leicester City Council estimates a £153.6 million tax income for 2024/25, based on an assumed tax increase of just below 5%.
The Council also reported that it holds a £15 million emergency reserves balance, which Mr Malik said should be tapped into if it means providing victims with justice.
Mr Malik emphasised that residents deserve adequate reimbursement for being put at risk due to the breach.
“No resident, in any council, should have their support payments delayed due to a data breach. It is unacceptable for a council to not safeguard its information.
“Unfortunately, what we’re seeing is a worrying trend and it won’t get better unless councils invest money in cyber security.”
Mr Malik added that councils, and organisations, can improve cyber-security through two-factor authentication, storing and backing up encrypted data and running tests to see how they would handle a hack, just to name a few.
“There are a lot of ways to protect data, and councils need to see the value in spending that money to stop the hacks,” he stated.
“Barings Law is committed to standing up for victims and helping them receive the justice they deserve.
“Our legal teams will continue to monitor the Leicester City Council situation closely, and I encourage anyone affected to reach out.”