Hacked off!

Hackers target City Council

The city of Edinburgh Council’s website has been hacked. Cyber-criminals have stolen over 13,000 email addresses after penetrating the city council’s security firewall.

Individuals who have had their details stolen were contacted by the city’s Director of Corporate Governance, Alastair Maclean, this morning, asking them to change any passwords used to access the council’s website.

In an email to clients who have registered with the council, entitled ‘The City of Edinburgh Council – Important information about your email address’, Mr Maclean said:

Dear Website User

We are emailing to let you know that the Council’s website was subject to a cyber attack which got through our website service provider’s security. The attacker copied some email addresses, including yours, but we would like to reassure you that no other personal data was taken.

If you had a password for the website, as a precaution, we have reset your account and you will have to change your password the next time you log in. This change does not apply to your “MyGovScot” account.

It is possible that your email address might experience an increase in spam or phishing emails. Information and guidance on spam and phishing is available from Citizens Advice

https://www.citizensadvice.org.uk/consumer/protection-for-the-consumer/scams/common-scams/computer-and-online-scams/phishing-spam-emails-and-fake-websites/

We are taking this incident very seriously. We have made sure that our service providers have reinforced the security of our website and we will continue to monitor security regularly.

If you do have any concerns, please contact the Council on 0131 200 2000

 

A council spokesman added: “This was a malicious cyber attack on the Council’s website which is hosted in a UK data centre. It was dealt with swiftly and at no point were any Council services affected.

“We are contacting everyone who has been affected to inform them of the incident and offer them advice and support. We have reassured individuals that the only details that have been accessed are their e-mail addresses.

“The Information Commissioner’s Office has been informed and preventative measures have been taken by the web service providers.

“We want to reassure the public the ongoing security of our website is critically important, and we continue to work with our service providers to ensure that the risks associated with attacks are dealt with.”