Phishing attack on Ards and North Down Borough Council

Ards and North Down Borough Council has recently been the target of an unlawful ‘phishing attack’ from an external source.   

Some emails from a single account were illegally forwarded by an unknown external source.  This may have exposed the personal data of a relatively small number of our customers/ partners to a potential unauthorised use by an external party. 

While the number of people potentially impacted is small, we do not underestimate the concern this will cause them.  We have taken several important steps in response, having sought professional advice.   

  • We have notified the Information Commissioner’s Office (ICO) of the incident and they remain entirely content with our approach.   
  • We have reported the issue to the PSNI who have launched their own investigation and we are hopeful that this will reveal the identity of the perpetrator.   
  • We have engaged IT security experts to fully investigate the breach and to protect the organisation from any further attacks.  They are liaising with the PSNI. 

We can confirm that the relevant account is no longer compromised, the unlawful attack having been identified and removed.  We are working strenuously to ensure that we can minimise the impact of any attack in the future. 

The Council has not been contacted in any way by the perpetrator(s), nor has it been asked for any financial payment at all. We are unaware of their motives in attacking the Council’s systems. 

Furthermore, whilst the investigation to understand the full extent of what has happened is ongoing, there is presently no indication that information of any nature has been misused. 

Anyone that the investigation deems appropriate to contact will receive further information directly from the Council.  Unless you are contacted directly by the Council there is no further cause for concern.  

Unfortunately, these acts are now very common –   in 2019 around 33% of all UK public sector organisations reported being targeted by some form of cyber-attack.  (Source: Cyber Security Breaches Survey 2019: Statistical Release) We will do all that we reasonably can to minimise the impact of any potential further attacks. 

We fully appreciate that there is public interest in such incidents and will provide information via our website as appropriate (www.ardsandnorthdown.gov.uk).  

The Council takes the safety and security of our systems and of our customers’/ partners’ information very seriously.  We will continue to work through the challenges presented by cyber-attacks of this nature carefully and thoroughly.  

Stephen Reid 

Chief Executive – Ards and North Down Borough Council