Cyber Incident Victim: Thanet District Council
Date:
Jan 2024
Location:
United Kingdom
Summary
A cyber incident disrupted online services for three UK councils in Kent, prompting them to take public-facing systems offline while investigating with the National Cyber Security Centre. The disruption affected planning applications, online payments, service requests, and other digital platforms, with initial assessments indicating no confirmed unauthorized access to customer data. The councils' shared IT services provider, EK Services—contracted to Civica—experienced an outage linked to the incident, though Civica stated its systems were not the source. All three local authorities isolated affected systems as a precautionary measure while working to restore functionality.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 7 motives | 7 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Three councils in Kent, United Kingdom—Canterbury City Council, Dover District Council, and Thanet District Council—jointly announced on Friday, January 19, 2024, that they were investigating a cybersecurity incident disrupting public-facing online services. The councils took precautionary measures by isolating affected systems, leading to partial or complete unavailability of websites and digital services. Residents across the three jurisdictions lost access to critical online functions, including applications for services, payment portals, reporting tools, and planning application searches. Canterbury City Council explicitly warned that most online services were nonfunctional, while Dover and Thanet reported similar disruptions to online forms and payment systems. The councils collaborated with the UK’s National Cyber Security Centre (NCSC), which confirmed it was assessing the incident’s scope but did not disclose technical details. Initial statements from Canterbury City Council indicated no evidence of customer data compromise, though investigations remained ongoing. The councils declined to specify whether the incident originated from internal infrastructure or third-party systems, and the NCSC echoed this nondisclosure stance.
The disruption was linked to an outage at EK Services (EKS), a shared-services organization established in 2011 by the three councils to manage IT, HR, call centers, benefits administration, and debt recovery. EKS’s website became inaccessible during the incident, and its services—including payment systems provided to Canterbury, Dover, and Thanet—were rendered unavailable. Civica, the outsourcing provider contracted since 2018 to operate EKS under a seven-year agreement, stated its systems were not the cause but acknowledged EKS’s involvement in the incident. Civica pledged support to minimize impacts but did not contest reports characterizing the event as a cyberattack. EKS representatives could not be reached for comment via email or phone, leaving the root cause and attacker methodology unconfirmed. Service disruptions persisted at the time of reporting, with no publicized recovery timeline or additional details on operational or financial consequences for the councils or residents.