Three councils in the United Kingdom have taken some of their public-facing systems offline due to an ongoing cybersecurity issue.
Canterbury City Council, Dover District Council, and Thanet District Council, three local authorities based in the county of Kent, said jointly on Friday that they “are investigating a cyber incident” that has disrupted online services for potentially hundreds of thousands of residents. All three councils said they are working closely with the U.K.’s National Cyber Security Center (NCSC), which confirmed to TechCrunch that it is “working to fully understand the impact of an incident.”
When reached by email, Robert Davis, Andy Steele and Marvia Roach, spokespeople for Canterbury, Dover and Thanet councils, respectively, told TechCrunch that as a result of the ongoing cybersecurity incident — the nature of which remains unknown — parts of the councils’ websites “may not work as intended.”
At the time of writing, Canterbury City Council’s website states that residents “won’t be able to apply for, report something or pay for most services online at the moment” or “search or comment on planning applications or use our online maps.”
Davis, the spokesperson for Canterbury City Council, said that the city had isolated all systems out of an “abundance of caution,” but added that the council’s initial investigation suggests that no customer data has been accessed, echoed in a statement on the city’s website.
The NCSC and the three councils declined to say whether the cybersecurity issue relates to an in-house system or an outside vendor.
TechCrunch understands that the ongoing disruption is linked to an outage impacting EK Services, an organization set up by Canterbury, Dover and Thanet in 2011. All three councils outsource IT and human resources services, such as call center, benefits, and debt recovery, to EKS, whose website is inaccessible at the time of writing.
TechCrunch found that some of Canterbury City Council’s payments systems, provided by EKS, were unavailable. Dover and Thanet are also both reporting issues with online forms and online payments.
Since 2018, outsourcing giant Civica has provided EKS services as part of a seven-year deal to cut costs across the three councils.
In a statement given to TechCrunch, Civica spokesperson Fintan Hastings said, “We can confirm that this incident was not caused by any of our systems.” Hastings declined to comment further but did not dispute that EKS had been the victim of a cyberattack. “We will support affected customers if requested and assist in any way we can to minimize the impact for them and the citizens they serve,” said Hastings.
TechCrunch reached out to multiple people at EKS but received no responses at the time of writing. TechCrunch was also unable to reach an EKS representative by phone.
Do you have any more information about this incident? You can contact Carly Page securely on Signal at +441536 853968 or by email. You can also contact TechCrunch via SecureDrop.