Around one million attempted cyber attacks are targeted at Leeds City Council’s systems every single month, the Yorkshire Evening Post can reveal.
The council is subjected to a constant barrage of attempts to get staff to click on ‘phishing’ emails trying to dupe them into handing over vital data, as well as efforts to such down its web pages through ‘Denial of Service’ attacks.
The authority said a “small number” of attempts reached staff computers but added that in the past three years no cyber attacks on the organisation had succeeded and no data had been lost.
Nationally, an investigation by the YEP and its sister titles has uncovered 424 successful attacks on councils, NHS trusts and other public bodies between March 2014 and April this year. A total of 111 UK councils reported 256 ransomware incidents, in which sensitive files are locked by hackers and money demanded for them to be made accessible again.
A Freedom of Information response by Leeds City Council said: “The council defends its position daily against a constant influx of email phishing attacks and suspected Denial of Service at the boundary. The number of emails blocked by secure gateways is approximately one million each month. A small number reach desktops and are quarantined by antivirus software.”
Councillor James Lewis, executive board member with responsibility for resources and strategy, said: “Leeds City Council takes the risk of cyber attack very seriously and has prioritised information assurance and security going forward, including increasing the 2017/18 budget to reflect this.
“A number of securely configured tools are in place to protect our position and cover people, our processes and technology.
“We have deployed multiple layers of defence which each play their part in preventing any malicious actor from gaining unauthorised access to our systems, minimising any potential disruption and ensure, should the worst happen, that we are able to restore data within a reasonable amount of time.
“The world of cyber-crime is an ever changing landscape with new vulnerabilities discovered all the time. As such, Leeds City Digital and Information Service work hard, constantly updating the estate with patches, anti-virus updates and intrusion prevention software, amongst other controls, processes and mandatory employee training to ensure we have as many security barriers and prevention methods in place as possible.
“The number of opportunistic attacks are still on the rise, and therefore we will continue to look at and improve the security posture of the authority and subsequently reduce the risk to data across the council.”
Wakefield Council said it blocked 8.9m emails in 2016 alone, more than 180,000 of which contained computer viruses.
The Leeds Teaching Hospitals NHS Trust refused to provide any information about the cyber attacks directed at it on the grounds of “national security” but two neighbouring trusts did provide details. The Mid Yorkshire Hospitals NHS Trust suffered two successful ransomware attacks last year in which data was encrypted and payment demanded. No ransom was paid and the information was recovered from back-up files. Airedale NHS Foundation Trust said it was subjected to one unsuccessful ransomware attack in 2015/16.
Leeds Beckett University has had three ransomware attacks since it started keeping an incident log of cyber attacks in August 2016. No data was stolen or payments made.
The University of Leeds refused to provide any information, claiming its release ‘would compromise health and safety’.
MAYOR SUBJECT TO IDENTITY THEFT
Identity thieves targeted Leeds’ mayor earlier this month, setting up fake social media accounts and posting an anti-Polish tirade in her name.
Coun Jane Dowson, the Lord Mayor of Leeds, was subjected to a barrage of abuse after her personal Facebook profile picture was used to set up a fake account.
A screen shot of the lengthy post, purporting to be from Coun Dowson, was then posted to her own Twitter profile - prompting the backlash and leaving the Lord Mayor in tears.
Police are now investigating the origin of the post, thought to have been in America.