Following an ongoing cybersecurity issue, three councils in the United Kingdom have made the decision to take some of their public-facing systems offline. Canterbury City Council, Dover District Council, and Thanet District Council, all local authorities based in Kent, jointly announced on Friday that they are currently investigating a cyber incident. The disruption has led to potential issues for hundreds of thousands of residents who rely on online services from the three councils. In response, the councils have been closely collaborating with the United Kingdom’s National Cyber Security Center (NCSC), which has confirmed its involvement in trying to understand the full scope of the incident.
Upon reaching out for comment, spokespeople for the three affected councils, namely Robert Davis, Andy Steele, and Marvia Roach for Canterbury, Dover, and Thanet councils respectively, informed TechCrunch via email that certain parts of their websites may not function as intended due to the ongoing cybersecurity incident.
“Residents won’t be able to apply for, report something or pay for most services online at the moment” or “search or comment on planning applications or use our online maps,” stated Canterbury City Council’s current website.
Davis, speaking as the representative of Canterbury City Council, explained that the council has taken necessary precautions by isolating all systems in order to err on the side of caution. However, initial investigations have shown that there has been no unauthorized access to customer data, as reiterated in the council’s statement on the website. Both the NCSC and the three councils have declined to divulge whether the cybersecurity issue originated from an internal system within the councils or an external vendor.
According to sources, the ongoing disruption seems to be linked to an outage that has affected EK Services, an organization established by Canterbury, Dover, and Thanet back in 2011. This outsourcing company is responsible for providing various IT and human resources services to the three councils, including call center support, benefits processing, and debt recovery. As of report writing, EKS’s website cannot be accessed.
Furthermore, TechCrunch has discovered that EKS’s current payment systems, which are used by Canterbury City Council, are not functioning. Dover and Thanet councils have also reported similar issues with their online forms and payment options.
Since 2018, outsourcing giant Civica has been providing EKS services under a seven-year contract with the aim of reducing costs for the three councils.
“We can confirm that this incident was not caused by any of our systems,” stated Fintan Hastings, a spokesperson for Civica, in response to TechCrunch’s inquiry. However, Hastings refused to comment further and did not deny that EKS may have been the target of a cyberattack. “We will support affected customers if requested and assist in any way we can to minimize the impact for them and the citizens they serve,” added Hastings.
Several attempts were made to reach out to various individuals at EKS, but no response was received at the time of writing. Additionally, calls to a representative from EKS have also proved unsuccessful.
Do you have any information about this ongoing incident? You can contact Carly Page securely via Signal at +441536 853968, or through email. You can also reach out to TechCrunch via SecureDrop for secure communication.