Cyber Incident Victim: East Kent Services
Date:
Jan 2024
Location:
United Kingdom
Summary
A cyberattack targeting IT systems shared by three local councils in Kent disrupted online public services, prompting the councils to take affected systems offline as a precaution. The incident impacted payment portals, planning application tools, online forms, and other digital services for residents, with initial investigations suggesting no unauthorized access to customer data. The disruption was linked to an outage at EK Services, the shared provider managing IT and HR functions for the councils under an outsourcing agreement with Civica, which denied its systems caused the incident. The councils collaborated with the UK's National Cyber Security Centre to investigate the attack, though the specific nature of the compromise remained undisclosed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 7 motives | 7 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around January 1, 2024, a cybersecurity incident disrupted online services for three local councils in Kent, UK: Canterbury City Council, Dover District Council, and Thanet District Council. The councils jointly announced an ongoing investigation into the incident on January 19, 2024, confirming widespread disruptions to public-facing systems affecting hundreds of thousands of residents. Initial actions included taking affected systems offline, with Canterbury City Council isolating all systems as a precautionary measure. Service disruptions included the inability to process online payments, submit reports, access planning applications, or use digital mapping tools through council websites. Canterbury specifically disabled applications, reporting portals, and payment systems for most services, while Dover and Thanet experienced failures in online forms and transactional systems. Council spokespersons Robert Davis (Canterbury), Andy Steele (Dover), and Marvia Roach (Thanet) acknowledged technical issues but did not disclose the incident's origin or nature. The UK National Cyber Security Center (NCSC) engaged in impact assessment but did not confirm whether the breach originated from council infrastructure or third-party providers.
Technical evidence linked the disruptions to an outage at East Kent Services (EKS), a shared services organization established in 2011 to provide IT, HR, call center, benefits administration, and debt recovery support to the three councils. EKS's website became inaccessible during the incident, and multiple payment systems operated by EKS for Canterbury were confirmed offline. Civica, the outsourcing provider managing EKS services since 2018 under a seven-year contract, denied its systems caused the incident but acknowledged EKS's involvement without disputing the cyberattack characterization. Civica spokesperson Fintan Hastings committed to supporting recovery efforts while councils maintained that initial investigations found no evidence of customer data compromise. EKS representatives remained unresponsive to contact attempts throughout the immediate aftermath, leaving the attack vector and perpetrator unidentified in public statements. Service restoration timelines and forensic findings were not disclosed by the councils, NCSC, or vendors at the time of reporting.