The cyber threats to local governments has been present for a number of years, but the current coronavirus crisis has also presented a new opportunity for cybercriminals. As the external threat posed by hackers shows no sign of abetting, it is up to the councils themselves to take action to prevent local government cyberattacks.
With a number of extremely costly data breaches hitting local councils in 2020, local government organisations have been alerted to the risk posed by deficient cybersecurity. Unfortunately, the victims of council data breaches were already all too aware of the consequences of data exposure. We have supported victims in relation to council data breaches many times, and we believe that there is still much to be done to improve local government cybersecurity.
If you have been affected by a data breach of any kind, you may be able to claim compensation for the harm caused. Contact us today to receive free, no-obligation advice on your potential claim.
Local government cyberattacks – the growing problem of ransomware
When examining the cybersecurity threats faced by local governments, it would seem that ransomware is among the most significant dangers. Known for causing systems to come to a standstill, ransomware attacks hit several councils in 2020. For example, in February, Redcar and Cleveland Council suffered a ransomware attack that put its servers out of operation for three weeks, and it was later reported that the attack had cost the council around £10.4m. A similar figure was given for the Hackney Council ransomware attack which hit in October.
Council cybersecurity errors and data breaches
However, local government cyberattacks cannot solely be blamed on malicious criminals. In many cases, operational errors can compromise the security of computer systems, putting personal data at risk. For example, a meeting of Lichfield District Council reportedly revealed that unencrypted laptops were being used by employees, meaning that the devices could be more likely to be subjected to unauthorised access or hacks.
Momentary human errors can also cause data to be exposed in a few clicks. There have been a number of council data breaches involving mistakes such as postal errors, accidental email attachments, or failures to anonymise recipients.
Holding local authorities to account
The ICO, the UK’s data protection regulator, can take action against organisations that have failed to protect personal data. Nottinghamshire County Council, fined for data breach errors spanning five years in 2017, is just one of the local authorities to have been subjected to financial penalties.
Local government bodies can also be held accountable by data breach claims, as victims can be eligible to recover compensation for the harm caused by data breaches. As leading specialists in data protection law, we have been representing clients for privacy matters since 2014, and we have developed significant experience in this area of law over the years. In fact, we have been involved with a number of high-profile group actions, including the action against British Airways which is the first GDPR Group Litigation Order case in England and Wales.
Everyone affected by local government cyberattacks or other data security incidents could be eligible to claim, so contact us for free, no-obligation advice if you have any questions about making a compensation claim.