Three local councils in the United Kingdom continue to experience disruption to their online services, a week after confirming a cyberattack had knocked some systems offline.
The councils for Canterbury, Dover, and Thanet — all of which are based in the U.K. county of Kent and have a combined population of almost 500,000 residents — said last week that they were jointly investigating an unspecified “cyber incident” that had disrupted council tax payments and online forms.
Questions remain about the incident, including whether personal data was accessed. Robert Davis, a spokesperson for Canterbury City Council, told TechCrunch last week that the council’s initial investigation suggests that no customer data was accessed.
However, the U.K.’s Information Commissioner’s Office told TechCrunch on Friday that the data regulator has received a breach report from the three councils.
“We have received breach report forms from three Kent Councils who form a three-way partnering service: Thanet District Council, Dover District Council and Canterbury County Council, and will be making enquiries,” ICO spokesperson Rashana Vigerstaff said.
TechCrunch understands that the ongoing incident is linked to EKS, or East Kent Services. EKS was set up by Canterbury, Dover, and Thanet in 2011 before it was outsourced to Civica in 2018, and is used by all three councils to deliver a number of technology-based services, including payments, benefits, and debt recovery.
TechCrunch found last week that some of Canterbury City Council’s payment systems, provided by EKS, were unavailable. These services remain down at the time of writing — as is EKS’ website, which has now been offline for at least seven days.
TechCrunch has contacted multiple people at EKS but has not yet received a response. The company has yet to make a public statement regarding the cyberattack, the nature of which remains unknown.
According to a Mastodon post from security researcher Kevin Beaumont, EKS’ Pulse Secure VPN server is also offline, suggesting a possible link to the widespread exploitation of two critical zero-day vulnerabilities in Ivanti’s widely used corporate VPN appliance.
The incident continues to cause disruption for hundreds of thousands of individuals in Kent.
Davis, the spokesperson for Canterbury City Council, did not respond to questions from TechCrunch sent Friday, but a notice on the council’s website notes that residents remain unable to “apply for, report something or pay for most services online at the moment” while it continues to investigate the incident.
Dover District Council spokesperson Andy Steele also didn’t respond to TechCrunch’s questions, but the council has also confirmed in an updated notice that it is “still experiencing technical difficulties” with some of its systems, including its benefits, council tax, and business rates portal. The council notes that the issues affecting its online forms have been resolved.
Thanet District Council spokesperson Clare Winter shared an updated statement with TechCrunch, which has also been published on the council’s website. “Thanet District Council is currently limiting access to a number of its online systems,” the statement reads. “This is a proactive decision following reports of a potential security incident.”
Canterbury and Thanet councils note in their statements that their downed IT services, which include online forms and planning applications, are not provided by Civica.
In an email to TechCrunch on Friday, Civica spokesperson Fintan Hastings reiterated that Civica’s systems were unaffected. Hastings said that Civica does not provide tools for monitoring and managing information assets such as applications, infrastructure, operational delivery, and IT assets, but added that Civica provides the councils with revenues and benefits, debt recovery, and customer services.
Amended the sixth paragraph noting Civica provides technology-based services to the affected councils.
Cyberattack targeting UK councils causes online disruption