Data advice – frequently asked questions (FAQs)
Menu

Data advice – frequently asked questions (FAQs)

This page provides easy-to-find information on the unauthorised access, and quick answers to your questions.

Our statement

‘We can confirm that there has been unauthorised access to an IT storage portal being used by our digital team for data analysis as part of a homelessness project. We were first made aware of this on 24 April 2018. The portal is outside our IT network, which remains secure, and the core IT system is unaffected. The portal was being used to store some financial and personal data relating to residents of the Lewisham borough.

‘We are not aware of any inappropriate use of the data. However, as a precaution, we are making our residents aware. Residents can call freephone 0800 953 3045 if they have any questions or would like advice.

‘In addition, we are directly contacting people whose financial details we believe could have been affected.

‘We are taking this very seriously and have reported this matter as a crime. We are working with our partners, the appropriate regulators and authorities, and are committed to doing everything we can to support those whose data is potentially affected.

‘Residents using our services are our highest priority. We sincerely regret this matter and we are fully committed to doing everything we can to support them.’

What has happened

1. When did you first find out about this?

We were first made aware of the unauthorised access to an IT storage portal being used by our digital team for data analysis as part of a homelessness project on 24 April 2018. This portal is outside our IT network, which remains secure, and our core IT system is unaffected. As soon as we became aware of it, we took immediate action, which included taking down the portal and appointing a dedicated team to conduct an investigation.

2. Who was the hacker and why did they do this?

We don’t know who the hacker was and we have reported the matter as a crime. We became aware of the hack because we were subjected to a ransomware attack. A ransomware attack is when the data on an organisation’s computer is locked by encryption. The targeted organisation is asked to pay a ransom in a virtual currency, such as Bitcoin, in order to release the data.

We are working with our partners, the appropriate regulators and authorities. We are committed to doing everything we can to support the people whose data is potentially affected. While the investigation is under way, it is not possible for us to comment further.

3. What data has been accessed?

The data potentially affected were held in an IT storage portal being used by our digital team for data analysis as part of a homelessness project. The type of data which may have been affected includes some personal data derived from the following council areas:

  • council tax and housing benefit
  • housing
  • adult social care
  • education
  • planning.

4. Why can’t you be more specific about the impact or the data in question?

The unauthorised access to the IT storage portal resulted in the corruption of the data. The investigation continues, but this is a complex issue and it may never be possible to know exactly what data could be affected.

Who it affects

5. How many people are affected by this?

We have been working hard to gather as much information as possible about which residents are affected. As a precaution, we are:

  • making residents of the borough aware of the unauthorised access
  • directly contacting people whose financial details could have been on the portal and may be affected – we intend to write to just over 6,000 people.

6. Could my financial data be at risk?

We are not aware of any inappropriate use of the data. We are directly contacting some people about what they can do to mitigate any potential risk to their financial information. These are people who have:

  • used our housing benefit services, or
  • been childminders.

If you have not received a letter by 13 August you can assume that your financial data is not affected.

7. Is there any risk to people who could be affected?

We are not aware of any inappropriate use of the data. We were subjected to a ransomware attack. A ransomware attack is when the data on an organisation’s computer is locked by encryption. The targeted organisation is asked to pay a ransom in a virtual currency, such as Bitcoin, in order to release the data.

What we are doing in response

8. Why are you only telling residents now?

As soon as we identified the unauthorised access, we appointed a dedicated team to carry out a thorough investigation. We have been working hard to gather as much detail as possible about what happened. The investigation continues and, although there is no evidence that the data has been used inappropriately, we are telling residents about it as a precaution.

9. Who are you working with to resolve this?

We are taking this matter very seriously and are working with our partners, the appropriate regulators and the relevant government departments, including the National Cyber Security Centre (NCSC) to do everything we can to support those whose data is potentially affected.

10. What support are you offering residents who are affected?

As a precaution, we are making residents of the borough aware of the unauthorised access. Residents can call freephone 0800 953 3045 if they have any questions or would like advice. We are directly contacting any residents whose financial details may have been affected.

11. What action are you recommending I take to protect myself?

If your data has potentially been affected, you should follow advice from the National Cyber Security Centre (NCSC):

12. What is CCA?

CCA is an independent call centre. We are using extra staff from CCA because we are not sure how many residents will want to get in touch with us. We do not want to add an additional burden to our existing call centre teams, which already deal with a high number of calls. Residents using our services are our highest priority, and we sincerely regret this matter and are fully committed to doing everything we can to support those who might be affected.

13. How can you be sure this won’t happen again?

This matter occurred outside our IT network, which remains secure, and the core IT system is unaffected. We are working with a team of experts to review our security processes. We have already implemented a tightening of our security controls.

14. How many people are you directly contacting?

We intend to write to just over 6,000 people. We have also:

  • set up a dedicated call centre
  • placed adverts in local newspapers
  • published these FAQs on our website.

Contact us

You can call freephone 0800 953 3045 if you have any questions or would like advice.