Last year, Hackney Council suffered a serious cyberattack which affected many of its services and IT systems. At that time, the Council did not know what, if any, data had been compromised. But it has now been revealed that data stolen in Hackney Council cyberattack has been published on the dark web.
According to the east London local authority, criminals have now shared some personal data online. While the dark web is a hidden section of the internet and is not visible through the usual search engines, it is a favourite haunt of cybercriminals who often buy stolen data for nefarious purposes.
The Council is working with the relevant authorities to determine what data has been published, and it is obliged to tell you if your information is at risk.
The Mayor of Hackney has condemned the “deplorable” actions of the cybercriminals and said he is determined to bring them to justice. But, even if these criminals are found, that is of little help to those whose information is already compromised.
Are your details up for sale on the dark web?
Hackney Council has promised to contact anyone affected by the data breach directly. And you have a legal right to ask the Council if your information is at risk. This is called making a Subject Access Request (SAR).
Victims of data breaches often become the target of cybercriminals, so we would also recommend taking the following steps to watch out for fraud.
How to protect yourself following a data breach or cybercrime
- Contact your bank or credit card provider immediately if your financial data has been exposed.
- Check all bills and emails for goods or services you have not ordered.
- Check your bank account for unfamiliar transactions.
- Alert your bank or credit card provider immediately if there is any suspicious activity.
- Monitor your credit score for any unexpected dips.
- Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
- Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
- Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
- Follow the security instructions provided by the organisation that breached your data.
- Never automatically click on any suspicious links or downloads in emails or texts.
- Don’t assume an email or phone call is authentic just because someone has your details.
- Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
- Know that, even if you recognise a name or number, it might not be genuine.
- Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
- Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
- Listen to your instincts and ask questions if something feels “off”.
- Refuse requests for personal or financial information and stop discussions if you are at all unsure.
- Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
- Be cautious of unsolicited communications that refer you to a web page asking for personal data.
- Don’t accept friend requests from people you don’t know on social media.
- Review your online privacy settings.
- Report suspected fraud attempts to the police and Action Fraud.
- Register with the Cifas protective registration service to slow down credit applications made in your name.
- Change your passwords regularly and use a different password for every account (a password manager can help with this).
- Protect your devices with up-to-date internet security software.
The truth is people are often not aware that their data is for sale on the dark web until it is too late. But if you have ever been involved in a data hack, it is highly likely that your information is on the market. It is also not unusual for data to be found for sale, months or even years after the initial breach.
Hackney Council data breach claim
While it is understandable that Hackney Council is upset about the breach, in most cases, hackers are only able to commit such crimes due to poor data security. So, Hackney Council may have questions to answer. As the Mayor said: “While we believe this publication will not directly affect the vast majority of Hackney’s residents and businesses, that can feel like cold comfort, and we are sorry for the worry and upset this will cause them.”
At Keller Lenkner, we are considering a no win, no fee group action against Hackney Council. Group actions can be a powerful tool and can have a bigger impact than a single claim.
If you want to hold Hackney Council to account for failing to protect your private information, receive financial compensation for your losses and force public sector organisations to implement better data security, contact us today. We provide a free, no-obligation assessment of your case.