Cyber Incident Victim: Dover District Council
Date:
Jan 2024
Location:
United Kingdom
Summary
A cyberattack targeting three UK councils disrupted public online services, prompting system isolations and investigations with national cybersecurity authorities. Initial findings indicated no data compromise, though residents experienced outages in payment processing, form submissions, and planning application access. The incident was linked to an IT services provider shared by the councils, whose website became inaccessible; the councils' outsourcing partner denied system involvement but pledged support for recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 7 motives | 7 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around January 1, 2024, Canterbury City Council, Dover District Council, and Thanet District Council in Kent, UK, experienced a cybersecurity incident that disrupted public-facing online services. The councils jointly announced the disruption on January 19, 2024, stating they were actively investigating the incident with support from the UK's National Cyber Security Centre (NCSC). As a precautionary measure, all three councils took multiple systems offline, resulting in residents being unable to access critical online services including planning application portals, online maps, payment systems, and digital forms for reporting issues or requesting services. Canterbury City Council specifically confirmed it had isolated all systems and stated preliminary investigations suggested no customer data had been compromised, though full impact assessments remained ongoing. The councils' spokespeople acknowledged that significant portions of their websites were non-functional or operating with reduced capacity, affecting hundreds of thousands of residents across the three jurisdictions.
Technical evidence indicated the disruption originated from an outage at EK Services, the shared IT services provider established by the three councils in 2011, which managed critical infrastructure including payment processing, benefits administration, call centers, and debt recovery systems. EK Services' website became inaccessible during the incident, and all three councils confirmed failures in externally provided systems—specifically citing unavailable online payment portals and digital forms hosted by EKS. Civica, the outsourcing firm contracted since 2018 to manage EKS operations under a seven-year agreement, publicly denied responsibility for the incident but acknowledged EKS had been compromised and offered technical support to mitigate impacts. Despite ongoing collaboration between the councils, NCSC, and external providers, the nature of the cyberattack remained unconfirmed, with no threat actor identified and no ransomware claims publicly disclosed. As of the latest reports, restoration efforts continued with no estimated timeline for full service recovery.