Thousands targeted with phishing emails after cyber attack on Greater Manchester councils

A major cyber attack that's hit councils across Greater Manchester has highlighted the risks local authorities face.

The attack on Locata affected the housing websites for Manchester, Salford, and Bolton councils, which are run by the software firm. It’s led to thousands of users being sent a phishing email asking them to ‘activate your tenancy options’ and hand over their personal data.

Manchester City Council said it suspended its Manchester Move website in response to the incident.

"The website is managed by a third party, and it will remain offline until we are confident that the personal information of people using the website is safe," the council said.

Salford City Council has made a similar move with and temporarily close its Home Search website, adding: " The company responsible are unable to confirm to what extent personal data has been revealed."

Both services warned customers to be wary of any emails, not to click on any links, and to monitor their bank accounts and alert Action Fraud if they think their data may have been accessed.

Homes for Bolton, meanwhile, carries a message saying that it's "temporarily unavailable whilst maintenance is being undertaken."

Incident highlights fragile supply chain ecosystem

The incident highlights the security risks that councils face, particularly from supply chain attacks, according to cybersecurity experts.

"In this case, a third party was targeted by the attackers to gain access to the public," said Mike Britton, CISO at Abnormal Security.

"Supply chains for local councils will always be the weakest link to be exploited by attackers looking for valuable information due to the vast number of services employed for operations."

Overall, local authorities are seeing a sharp increase in the number of cyber security incidents, with the UK's Joint Committee on the National Security Strategy (JCNSS) recently warning that the then government was doing nothing to address the problem.

Block threats against cloud and virtualized environments

Councils were 'unprepared and unsupported' by the government, committee chair Dame Margaret Beckett said.

Recent examples include attacks on three Kent councils in January which severely disrupted services, and an attack on Leicester City Council in March that took IT systems and phone lines offline.

"Councils are a lucrative target for attackers looking to disrupt public services or steal sensitive public data. So, every council needs to accept they will be attacked and focus on building security controls that minimize the impact of attacks," said Trevor Dearing, director of critical infrastructure at Illumio.

"This must include mitigating the risk posed by third parties through proactive measures like least privilege access and network segmentation that removes implicit trust from the supply chain."