Two-thirds of London Councils Suffered Breach in Past Four Years
Around two-thirds of London’s councils have been breached over the past four years, according to a new Freedom of Information request.
Identity management firm Secure Cloudlink’s research revealed that 21 out of the capital’s 33 local authorities had suffered a data breach over the period, although Hackney and Kensington and Chelsea refused to disclose the information – ironically for security reasons.
Barnet, Camden, Croydon, Greenwich, Lambeth, Lewisham, Wandsworth, Westminster and the City of London were among those affected, while Bexley, Bromley, Ealing, Enfield and Haringey were on the list of those which managed not to spill data during the period.
Fortunately, there’s no evidence to suggest that any breached citizens’ data has been subsequently been used in follow-up fraud or cyber attacks.
However, the research confirms that data protection in local government is still far from perfect.
“Designs that were once suitable have not been updated to keep pace with today’s digital economy, and because of this, hackers have been able to capitalise and steal information much more easily,” argued Secure Cloudlink chairman, Mark Leonard.
“The Cyber Essentials Scheme in fact is a government-backed initiative that aims to provide clearer guidance and advice for organisations looking to improve their cyber security housekeeping. Its advice is certainly valuable in providing the solid foundations to improving security practices. On top of this, education must also be balanced with having the necessary systems in place to counter threats.”
The FoI findings reflect those of UK privacy watchdog the Information Commissioner’s Office (ICO).
In the second quarter, the sector was the second most prevalent for data security incidents after healthcare.
Incidents in local government increased 44% from the previous quarter.
The ICO had the following:
“Local governments handle a large volume of information, much of which is sensitive; if the security of this data is compromised, this could potentially be distressing for any affected individuals. For example, in Q1 2016/17, 31% of local government incidents (19 incidents) affected health or clinical data.”
Source: Information Security Magazine