Cyber attack disrupts Greater Manchester council housing services

A significant cyber security incident has affected housing software across the Greater Manchester region, leading to the temporary shutdown of several council housing websites. Locata, the software provider, supports housing operations for councils nationwide and confirmed that the attack initially targeted one borough in Greater Manchester, subsequently spreading to others, including Manchester, Salford, and Bolton councils.

The breach has had severe implications, notably the distribution of a phishing email to thousands of users, instructing them to “activate your tenancy options” and submit personal data. Salford experienced the initial impact, with its Home Search website taken offline at the start of August.

Locata issued an apology and detailed their response in a statement: “On July 29, we identified an IT security incident which impacted a small number of public facing websites which Locata Housing Services run on behalf of local authorities. We moved quickly to manage the issue and, working with third-party IT experts are investigating the matter. We have informed those local authorities impacted and our investigation is ongoing. We are keeping them updated and are working to resolve this matter as soon as possible. We would like to apologise for what has happened.”

Manchester City Council addressed the direct effects on residents, with a spokesperson stating: “We are aware that following a cyber attack over the weekend that some Manchester Move applicants have received a scam email asking them to create a new account to progress their application. Only the public facing section of the website was impacted and so limited personal data was breached.”

The council took further preventative measures by taking the Manchester Move website offline and removing links to the phishing site. They also reported the breach to the Information Commissioners Office and issued guidance urging housing applicants to delete suspicious emails, avoid clicking unverified links, and change their passwords.

Bolton Council’s Homes for Bolton website was similarly compromised. Across all affected councils, there has been a strong emphasis on the importance of updating passwords and considering the extent of password reuse.

This series of cyber incidents follows other attacks in the region, including a third-party breach last autumn that compromised the badge information of thousands of Greater Manchester Police officers and a separate attack on the University of Manchester.

Image from Pixabay