Pay

Freedom of information request response - 06250

FOI request

FOI ID number
06250
Regarding
Cyber-attacks/ransomware
Request

I am writing under the Freedom of Information Act 2000 to request information about cyber-attacks, cyber security incidents and ransomware attacks affecting your authority. 

I am asking the information for each of the years 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date (I will take the date or your reply unless you specify the date). 

I am using the following definitions in accordance to guidelines given by the National Cyber Security Centre (NCSC). https://www.ncsc.gov.uk/information/ncsc-glossary.

Cyber-attack: a malicious attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

Cyber security incident: a breach of a system’s security policy in order to affect its integrity or availability or the unauthorised access or attempted access to a system.

Ransomware: Malicious software that makes data or systems unusable until the victim makes payment.

  1. Please provide details of how many cyber-attacks to computer systems, networks or devices have taken place in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date.

  2. Please provide details of how many cyber security incidents caused internal systems or devices to be infected or for services to be affected in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date.

  3. Please provide details of how many ransomware attacks have been made to your computer systems, networks or devices in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date.

  4. How many cyber-attacks have caused the loss/breach of data in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date?

  5. How many cyber security incidents have caused the loss/breach of data in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date?

  6. How many ransomware attacks have caused the loss/breach of data in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date?

  7. On how many occasions has the authority paid money those involved in a ransomware attack – whether that is described as a ransom, fine, payment to unlock, purchase of unlocking product, fixing fee or any other payment to necessitate returning your systems to normal in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date?

  8. For any occasions referred to in question 7 please provide the date and the amount paid, including currency and method of payment, such as electronic transfer, Paypal, Bitcoin or any other means of paying the fee.

Please confirm whether ransomware attacks in your answer to question 3 have also been included in the totals for cyber-attacks and cyber security incidents in questions 1 and 2.

Please provide the answers to questions 1-7 by filling in the following table, with answers to question 8 listed separately if applicable. If you are replying with an attachment, please provide the data in an Excel spreadsheet, not a PDF or Word document.

Eden District Council
IT system problems
2014-15 2015-16 2016-17 2017-18 2018-19 2019-20
(to date)
Cyber-attacks            
Cyber-security incidents            
Ransomware attacks            
Cyber-attacks with data loss            
Cyber-security incidents with data loss            
Ransomware attacks with data loss            
Ransoms paid            

Under the Freedom of Information Act that I am entitled to a response within 20 working days and would appreciate it if you can confirm this request has been received and is being considered as soon as possible.

Our response

Response

I am writing under the Freedom of Information Act 2000 to request information about cyber-attacks, cyber security incidents and ransomware attacks affecting your authority.

I am asking the information for each of the years 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date (I will take the date or your reply unless you specify the date).

I am using the following definitions in accordance to guidelines given by the National Cyber Security Centre (NCSC). https://www.ncsc.gov.uk/information/ncsc-glossary.

Cyber-attack: a malicious attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

Cyber security incident: a breach of a system's security policy in order to affect its integrity or availability or the unauthorised access or attempted access to a system.

Ransomware: Malicious software that makes data or systems unusable until the victim makes payment.

  1. Please provide details of how many cyber-attacks to computer systems, networks or devices have taken place in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date.

    None.

  2. Please provide details of how many cyber security incidents caused internal systems or devices to be infected or for services to be affected in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date.

    None.

  3. Please provide details of how many ransomware attacks have been made to your computer systems, networks or devices in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date.

    None.

  1. How many cyber-attacks have caused the loss/breach of data in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date?

    None.

  1. How many cyber security incidents have caused the loss/breach of data in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date?

    None.

  1. How many ransomware attacks have caused the loss/breach of data in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date?
    None.

  1. On how many occasions has the authority paid money those involved in a ransomware attack - whether that is described as a ransom, fine, payment to unlock, purchase of unlocking product, fixing fee or any other payment to necessitate returning your systems to normal in each of 2014-15, 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20 to date?

    None.

  1. For any occasions referred to in question 7 please provide the date and the amount paid, including currency and method of payment, such as electronic transfer, Paypal, Bitcoin or any other means of paying the fee.

    N/A.

Please confirm whether ransomware attacks in your answer to question 3 have also been included in the totals for cyber-attacks and cyber security incidents in questions 1 and 2.

Please provide the answers to questions 1-7 by filling in the following table, with answers to question 8 listed separately if applicable. If you are replying with an attachment, please provide the data in an Excel spreadsheet, not a PDF or Word document.

Eden District Council
IT system problems
2014-15 2015-16 2016-17 2017-18 2018-19 2019-20
(to date)
Cyber-attacks 0 0 0 0 0 0
Cyber-security incidents 0 0 0 0 0 0
Ransomware attacks 0 0 0 0 0 0
Cyber-attacks with data loss 0 0 0 0 0 0
Cyber-security incidents with data loss 0 0 0 0 0 0
Ransomware attacks with data loss 0 0 0 0 0 0
Ransoms paid 0 0 0 0 0 0

Under the Freedom of Information Act that I am entitled to a response within 20 working days and would appreciate it if you can confirm this request has been received and is being considered as soon as possible.

Response date
05 August 2019