A major cyberattack targeting Manchester councils has left thousands of people at risk from phishing scams and prompted warnings about the risk posed by supply chain attacks.
Threat actors initially targeted Locata, a company that provides housing software to councils across the UK. Housing websites for Manchester, Salford and Bolton councils have been targeted.
Thousands of residents were sent a fake email asking them to "activate your tenancy options" and hand over valuable personal data.
In a statement, Locata said: "We moved quickly to manage the issue and, working with third-party IT experts, are investigating the matter.
"We have informed those local authorities impacted and our investigation is ongoing. We would like to apologise for what has happened."
The attack only affected the public-facing portion of the websites, so resident data is not believed to be impacted.
Residents have been urged to check their bank accounts for suspicious transactions.
The incident highlights the danger of supply chain attacks, showing that an organisation is only as safe as its least-protected supplier.
Mike Britton, CISO at Abnormal Security, told The Stack: “In this case, a third party was targeted by the attackers to gain access to the public. Supply chains for local councils will always be the weakest link to be exploited by attackers looking for valuable information due to the vast number of services employed for operations.”
Trevor Dearing, Director of Critical Infrastructure at Illumio, also said: “The attack highlights the ongoing cybersecurity challenges facing local councils. Many rely on third-party providers to support and deliver public services, and when these providers are compromised, it can have widespread repercussions. Cybercriminals know this and proactively target suppliers to gain access to more valuable systems and data.
“Councils are a lucrative target for attackers looking to disrupt public services or steal sensitive public data. So, every council needs to accept they will be attacked and focus on building security controls that minimise the impact of attacks. This must include mitigating the risk posed by third parties through proactive measures like least privilege access and network segmentation that removes implicit trust from the supply chain.”