Three Kent councils grapple with cyber incidents as services knocked offline

Three local councils in Kent have been hit by cyber attacks that have severely disrupted services for communities in the region. 

Canterbury City Council, Thanet District Council, and Dover District Council confirmed they are investigating the incidents.

At present, it’s not known whether any personal data has been compromised in the incidents. However, all three local authorities said they have taken precautions to contain the incidents, which has made certain parts of their websites inaccessible.

"We are working to resolve this as soon as possible and apologise for any inconvenience caused," said Thanet District Council.

The councils say they are working with the National Cyber Security Centre (NCSC) to establish what happened.

"Our teams are taking a precautionary approach while we work hard to investigate the problem and to minimise any disruption to our services. Our email system and website have been available throughout although some parts of the website may not quite work as intended," said Canterbury City Council.

"We are sorry for any inconvenience people may have experienced over the past few days and will provide updates as and when we have them."

Cyber attacks on local authorities have grown in both frequency and intensity in recent years, according to Trevor Dearing, director of critical infrastructure at security firm Illumio.

In 2023, for example, Kent County Council’s children’s department fell victim to a phishing attack when an officer clicked on a link from an email to reset their password.

Gloucester City Council was also severely affected by a 2023 cyber attack which resulted in more than £1 million in recovery costs.

"Attacks on the public sector are becoming more frequent and more pervasive, but the problem is cyber security funding isn’t rising in tandem,” he said.

“Investments in technologies that provide demonstrable gains in cyber resilience must be prioritized."

Last year, a report from software provider TechnologyOne found that six-in-ten senior leaders at UK councils said their approach to cyber security is 'outdated', but that they couldn't afford the cost of a security breach.

Leo Hanna, UK executive vice president at TechnologyOne, said a concerted national effort to improve cyber security among local authorities should be prioritized.

"Systems held together by gaffer tape and chewing gum still deliver mission-critical services at local authorities across the country but they need to be urgently overhauled if they are to remain secure," he said.