Ministry of Justice (Department of Justice) has been the victim of two ransomware attacks in the past two years. The first case targeted the London Borough of Hackney in October 2020, and the second against Everywhere, a data processor providing court recordings and transcription services, december 2020.
Data, analyzed through specialized litigation practice Griffin Law, disclosed in the Ministry of Justice’s annual report and accounts, and both cases were reported to Information Commissioner’s Office (iCO).
According to the report, the first attack, carried out against the London Borough of Hackney, likely caused a personal data breach affecting an “unknown” number of people. The incident was reported to the ICO on October 29, and their response is still pending.
The second attack on Ubiqus also affected the personal data of an “unknown” number of people. The ICO has closed its investigation into this case and no further action has been taken.
In total, between April 2020 and March 2021, 16 large personal data incidents, affecting approximately 5,476 people, were reported to the Information Commissioner’s Office of the Department of Justice.
The largest incident spanned seven months and is likely to affect more than 5,200 individuals and 55 companies. This was due to an inaccurate change in the “petition data”.
In another case, vaccination status data from up to 25 HMPPS employees was stolen from an employee of a third-party occupational health service provider, after the vehicle was broken into. The data was eventually returned to HMPPS.
There were also 6,267 other incidents during the time period that did not meet the minimum required to be reported to the ICO.
These discoveries come a month after the announcement of the UK government’s National Cyber Strategy 2022 which aims to build a robust and resilient cyber landscape using a thriving digital infrastructure to help combat ransomware attacks. The government has committed to spending £22 billion on research and development with technology taking a central role in national security.
Tim SadlerTessian, CEO and Co-Founder commented, “The ransomware threat continues to spread like wildfire, causing devastating damage to businesses and operations, and the sad truth is that it shows no sign of slowing down. As the majority of ransomware attacks start with a phishing attack , Organizations across all sectors should have measures in place to catch such malicious emails as soon as they reach their inbox.This will greatly reduce the chance of a tired, distracted or gullible employee from opening or responding to a disguised or customized phishing email .”
Edward BlakeVice President, Europe, Middle East and Africa for Absolute softwareHe said, “Ransomware attacks have risen in sophistication and quantity over the past 24 months, and all organizations have been affected, and will continue to, this growing threat trend. As a result, it is no longer safe to assume that bad actors have not actually secured the means to breach the system. Company.Therefore, implementing zero-trust protocols to prevent malicious parties from moving horizontally across the business network is a vital precaution that organizations must take to protect themselves from this growing cyber threat.
“Moreover, protecting devices with resilient endpoint security equipped with self-healing capabilities is vital to ensure applications remain in a healthy state, and endpoints are fully protected from external cyberattacks.”
Donal Blaney, founder of Griffin Law, criticized the Department of Justice and HMCTS, saying, “For the rule of law to mean anything, the courts must be adequately funded, staffed and efficiently run. If the Department of Justice and HMCTS cannot put their homes in order, what faith do they have? Can we as a society have that our judicial system is not being run in a similarly inept way?”