Many of the online services were disrupted, including council tax support, track and trace support payments, and housing benefits.
The systems were targeted by a phishing “sleeper” malware, contracted by a third party, which reportedly encrypted files.
According to reports, to recover and remediate from the attack the local authority set aside £380,000 ($514,000). The rising costs of recovery from the cyber attack have caused concerns among opposition councillors. There is fear that the bill may be more than £1 million, costing hundreds of thousands of pounds already.
Commenting on the cyber-attacks, Liberal Democrat group leader Jeremy Hilton said of the continued disruption: “The planning portal is still not up and running on the website. This means it’s impossible to read public comments on planning applications or to research the history of former applications related to a particular site.”
“Processing applications has been delayed and some applicants have been asked to resubmit their plans… Soon it will be six months since the council’s ICT systems were compromised by hackers.”
“That is twice in ten years. The city council must aim to get the planning portal up and running by the end of this month. I know the servers have been repopulated and testing is to begin. As planning is an important statutory role for the council, it must redouble its efforts to return its planning processes back to the 21st century.”
The city council leader Richard Cook said that work is progressing well and that the council’s systems will have been upgraded to be more secure once fully operational. However, he doesn’t know when the systems will resume operation as normal.
He said: “All I can say is that officers are working hard to restore all the IT systems that customers rely on and will get systems fully operational as soon as possible.”
“Officers are continuing to process planning applications although we acknowledge that some delays have been caused by the cyber incident.”
Back in 2017, the UK’s data protection watchdog fined Gloucester Council £100,000 after it found failings in the council’s failure to patch the Heartbleed vulnerability in 2014. The Heartbleed vulnerability enabled hackers to access council email inboxes.