In recent developments, three local councils in the UK—Canterbury, Dover, and Thanet—are grappling with persistent disruptions to their online services, a week after confirming a cyberattack that knocked some systems offline. These councils, located in the UK county of Kent and collectively serving almost 500,000 residents, jointly announced an investigation into an unspecified “cyber incident” affecting council tax payments and online forms.
UK councils launch investigation into the incident
Initial statements from Robert Davis, a spokesperson for Canterbury City Council, suggested that no customer data was accessed during the cyberattack. However, the UK‘s Information Commissioner’s Office (ICO) has received a breach report from the three councils, prompting further inquiries to determine the extent of the breach. This raises questions about the incident’s nature and whether personal data has been compromised. The ongoing disruption is reportedly linked to East Kent Services (EKS), established by Canterbury, Dover, and Thanet in 2011 before being outsourced to Civica in 2018.
EKS provides various IT and HR services, including payments, benefits, and debt recovery for all three councils. Last week, reports surfaced that some payment systems of Canterbury City Council, provided by EKS, were unavailable. EKS’s website has been offline for at least seven days, and the company has not issued a public statement regarding the cyberattack. Security researcher Kevin Beaumont’s Mastodon post noted that EKS’s Pulse Secure VPN server is offline, indicating a potential connection to the exploitation of two critical zero-day vulnerabilities in Ivanti’s corporate VPN appliance.
The extent of disruptions in critical local government services
Despite these insights, the exact nature of the cyberattack remains unknown, and EKS has yet to provide details or issue a public response. The incident’s repercussions are significant, disrupting hundreds of thousands of individuals in Kent. UK council Canterbury City’s online services, including applications, reports, and payments, remain inaccessible. Residents are unable to apply for services or report issues online, compounding the inconvenience caused by the cyberattack. Dover District Council is also facing technical difficulties, particularly in its benefits, council tax, and business rates portal.
While issues with online forms have been resolved, various systems are still affected, posing challenges for both the council and residents. In a proactive move, Thanet District Council has limited access to several online systems following reports of a potential security incident. The council is actively managing the situation to mitigate risks and protect sensitive information. Their statement acknowledges the limitation of access to certain online services, emphasizing a cautious response to the evolving security situation.
It is important to note that UK councils Canterbury and Thanet clarified that their affected IT services, including online forms and planning applications, are not provided by Civica. A spokesperson for Civica, Fintan Hastings, reassured that Civica’s systems were unaffected by the cyberattack. However, Civica’s role in providing councils with revenues and benefits, debt recovery, and customer services underscores the interconnected nature of IT services within the local government infrastructure. As the investigation unfolds, residents and local businesses in Canterbury, Dover, and Thanet are left waiting for the restoration of normalcy.