Cyber attack: Hundreds of residents still facing disruption with benefits payments

The Town Hall was in the midst of a transition to a cloud-based system when the attack happened.
Photograph: Victorgrigas / Wikicommons

The benefits payments of hundreds of Hackney residents continue to be disrupted following the serious cyber attack on the Town Hall last October, with the council facing a “long hard slog” to recover.

Anecdotal reports have spread in the past few weeks about ongoing problems with the housing benefits system, which the council says it is working hard to fix.

In an exclusive interview with the Citizen, IT boss Rob Miller and finance chief Ian Williams confirmed that incorrect payments are being made to people whose circumstances or bank details have recently changed.

There is also a continuing possibility of overpayments for those transferring to Universal Credit.

Miller said: “The service is doing everything it can. We’re working really hard to recover systems as quickly as we can. Whilst there is still work to do, there is still visible progress and it is moving forward, and we have growing confidence in it.”

He added: “The vast majority of people are still receiving the correct benefits. The fact that they are, despite the attack, is itself an incredibly important achievement, and we would be having a really different conversation if the teams had not been able to do that. It would have been a really, really significant problem.”

While the council has been unable to put an exact figure on the amount of people continuing to be affected by these issues, it is understood to be in the hundreds at any one time. Around 35,000 people are in receipt of benefits in the borough.

The local authority is now approaching landlords to assure them that unprocessed benefits will be paid.

Data stolen in the attack was published online in January. Hackers used the ransomware tool Pysa/Mespinoza, which can potentially be distributed either through ‘brute-force’ attacks in which all possible passwords or phrases for a system are tried, or through spam or phishing email campaigns.

With a criminal investigation still ongoing, the Town Hall remains unable to confirm how the attack took place.

But the IT chief did say that the council moved away two years ago from Outlook and Windows computers, which are commonly affected by email campaigns.

According to the council, as much effort has gone into recovering the Town Hall’s systems as to respond to the publication of details on the dark web, with officers still meticulously combing through what Miller described as a “messy set of data” to understand what risks are involved in its release.

While filenames including ‘Tenancy Audits’ and ‘Complaints Community Safety’ were among the material published, Miller stressed that the release was not “a big cache of bank and credit card details”.

He said there is “nothing that indicates to us that there is further data” and that the council is “making sure we are remaining able to respond if there were to be an issue, but we don’t have any evidence that there is”.

The sheer scale of the hundreds of services offered by the council means the impact of the attack was felt in multiple ways. The borough’s housing market was hit, for example, with many finding it difficult or impossible to complete a sale due to the loss of the council’s land charges search service.

But the top officers confirmed that the biggest impacts were on its benefits department, due to the complexity and size of this system, and its revenue department, which allows the council to raise and run its bills.

According to Williams, had officers been unable to restore this system ahead of the council’s budget being set for the year, it would have had a “major impact on our ability to run the authority”.

The finance boss said he would have been forced to base important calculations, such as the number of additional properties in the borough, on assumptions from previous years.

The council is still unable to say if and when service will return to normal, with systems being restored into cloud servers rather than being put back the way they were. The Town Hall was already in the middle of transitioning to cloud servers when the attack took place.

Miller said: “The recovery is going to come in stages because of its complexity. So we can’t say that on 15 April everything will be back to normal, we’ll wave a big flag and say it’s done. We have already made some big steps forward. There’s more work happening right now, but there is more that we need to do.”

Williams added: “It is going to be a long hard slog to get back. Something we keep reinforcing to people is that there is no magic button to this. It’s not a case of switching the computer off and back on again. 

“Teams have reacted fantastically well to this and are working really well across the council to get things right, put things back, and deliver the services that our residents ultimately rely upon.”