Three councils in England—Canterbury, Dover, and Thanet in Kent—have fallen victim to a cyberattack, leading to the suspension of multiple online services. These councils, collectively representing a population of just under 500,000, appear to have been affected by a single incident. The National Cyber Security Centre is actively collaborating with the impacted councils to comprehensively understand the consequences of the cyber incident.
The councils in question outsource their IT and HR services to Civica through the East Kent Services partnership. It is noteworthy that Civica is contracted for the collection of “revenues, benefits, customer services, and debt collection” services at these three councils. The website of East Kent Services is currently inaccessible. Civica, a private company, has not responded to repeated requests for comment.
According to Stephen Robinson, a senior threat intelligence analyst at cybersecurity firm WithSecure, all three councils rely on Civica for their IT and HR services, and the incident likely occurred in this shared infrastructure. Robinson highlights concerns about whether the cyberattack has solely impacted East Kent Services or has also affected Civica itself.
In response to the situation, Rob Davies, the media manager for Canterbury City Council, mentioned that they are in the early stages of the investigation and cannot provide details on compromised systems. As a precautionary measure, all systems, including those provided by Civica, have been isolated.
Civica, in a statement to TechCrunch, asserted that the incident “was not caused by any of our systems.” Robinson suggests that service providers like Civica are frequently targeted for supply chain attacks, enabling attackers to compromise multiple customers simultaneously for a more impactful assault.
This incident follows a trend of cyberattacks targeting local government entities and underscores the challenges associated with third-party service providers in the supply chain. The investigation is ongoing to determine the nature and scope of the compromise and potential data access.