Three local councils in the United Kingdom have been grappling with a major disruption to their online services, nearly a week after confirming a targeted cyberattack had caused certain systems to go offline.
The affected councils, Canterbury, Dover, and Thanet, are all located in the county of Kent in the UK and are responsible for serving a combined population of nearly 500,000 residents. Last week, they jointly announced that they were actively investigating a “cyber incident” that had caused disruptions in important services such as council tax payments and online forms.
Many questions regarding the incident remain unanswered, such as the possible access of personal data by the attackers. Robert Davis, a spokesperson for Canterbury City Council, told TechCrunch that initial investigations did not indicate any unauthorized access to customer data.
The Information Commissioner’s Office (ICO) in the UK has released a statement to TechCrunch, confirming that they have received a breach report from the three affected councils and are currently carrying out enquiries.
“We have received breach report forms from three Kent Councils who form a three-way partnering service: Thanet District Council, Dover District Council and Canterbury County Council, and will be making enquiries,” said ICO representative Rashana Vigerstaff.
According to sources at TechCrunch, the ongoing disruption seems to be linked to EKS (East Kent Services), an organization formed by the three affected councils in 2011. In 2018, EKS was outsourced to Civica, and it currently handles various IT- and HR-related services for all three councils, including payments, benefits, and debt recovery.
Previous research by TechCrunch has revealed that systems provided by EKS for Canterbury City Council, such as payment portals, were inaccessible. These systems remain offline at the time of writing, along with EKS’ own website, which has been inaccessible for over a week now.
Repeated attempts to contact EKS have gone unanswered, with the company yet to make any public statements regarding the cyberattack and its nature.
According to a social media post made by security researcher Kevin Beaumont, EKS’ Pulse Secure VPN server is also down, indicating a possible link to the recent exploitation of critical zero-day vulnerabilities in Ivanti’s widely used corporate VPN appliance.
The ongoing incident is causing significant disruption for hundreds of thousands of individuals in Kent.
Davis, the spokesperson for Canterbury City Council, has not responded to questions posed by TechCrunch on Friday. However, a notice on the council’s website confirms that residents are still unable to “apply for, report something, or pay for most services online at the moment” as investigations into the incident continue.
Andy Steele, spokesperson for Dover District Council, has also not responded to inquiries from TechCrunch. However, the council has released an updated statement acknowledging ongoing technical difficulties with its systems, which include the benefits, council tax, and business rates portal. The council states that the issues affecting its online forms have been resolved.
Thanet District Council spokesperson Clare Winter has released a statement to TechCrunch, which has also been published on the council’s website. “Thanet District Council is currently limiting access to a number of its online systems,” the statement reads. “This is a proactive decision following reports of a potential security incident.”
Both Canterbury and Thanet councils clarify in their statements that the affected IT services, such as online forms and planning applications, are not provided by Civica.
In an email sent to TechCrunch on Friday, Civica spokesperson Fintan Hastings reiterates that Civica’s systems remain unaffected by the cyberattack. Hastings clarifies that Civica does not provide tools for monitoring and managing information assets such as applications, infrastructure, operational delivery, and IT assets, but adds that the company provides the councils with revenues and benefits, debt recovery, and customer services.