Three local councils in the UK continue to experience problems with their online services, a week after it was confirmed that a cyber attack had knocked some systems offline.
The councils for Canterbury, Dover and Thanet – all of which are based in the UK county of Kent and have a combined population of nearly 500,000 – said last week they were jointly investigating an unspecified “cyber incident” that had disrupted its tax municipality payments and electronic forms.
Questions remain about the incident, including whether personal data was accessed. Robert Davies, a spokesman for Canterbury City Council, told TechCrunch last week that the council’s initial investigation indicates no customer data was accessed.
However, the UK Information Commissioner’s Office told TechCrunch on Friday that the data regulator had received a breach report from the three councils.
“We have received infringement reports from three Kent Councils that form a tripartite working agency: Thanet District Council, Dover District Council and Canterbury County Council and will be investigating,” ICO spokeswoman Rashana Vigerstaff said.
TechCrunch understands the ongoing incident is linked to EKS or East Kent Services. EKS was established by Canterbury, Dover and Thanet in 2011 before being outsourced to Civica in 2018, and is used by all three councils to deliver a number of IT and HR services, including payments, benefits and debt recovery.
TechCrunch found last week that some of Canterbury City Council’s payment systems, powered by EKS, were down. These services remain down at the time of writing — as does the EKS website, which has now been offline for at least seven days.
TechCrunch reached out to several people at EKS but has yet to hear back. The company has yet to make a public statement about the cyberattack, the nature of which remains unknown.
According to a Mastodon post by security researcher Kevin Beaumont, EKS’s Pulse Secure VPN server is also offline, suggesting a possible connection to the widespread exploitation of two critical zero-day vulnerabilities in Ivanti’s widely used enterprise VPN appliance.
The incident continues to upset hundreds of thousands of people in Kent.
Davis, the spokesman for Canterbury City Council, did not respond to TechCrunch’s questions sent on Friday, but a notice to the council website notes that residents still cannot “apply, report or pay for most services online at this time” while it continues to investigate the incident.
Dover District Council spokesman Andy Steele also did not respond to TechCrunch’s questions, but the council also confirmed to updated announcement that it “continues to experience technical difficulties” with some of its systems, including benefits, council tax and the business rates portal. The council notes that the issues affecting its online forms have been resolved.
Thanet District Council spokeswoman Clare Winter shared an updated statement with TechCrunch, which also published on the council’s website. “Thanet District Council is currently restricting access to some of its online systems,” the statement said. “This is a precautionary decision following reports of a possible security incident.”
Canterbury and Thanet councils note in their statements that their damaged IT services, which include online forms and planning applications, are not provided by Civica.
In an email to TechCrunch on Friday, Civica spokesman Fintan Hastings reiterated that Civica’s systems were not affected. Hastings said Civica does not provide tools to monitor and manage information assets such as applications, infrastructure, operational delivery and IT assets, but added that Civica provides councils with revenue and benefits, debt recovery and customer services.
