Edinburgh City Council has been hit with a major cyber-attack leading to the theft of 13,000 email addresses, it has emerged.
A brief statement on the council’s website claimed that hackers conducted the cyber-raid on the council’s website, hosted in a UK data center.
A BBC report added more details, claiming the attack happened nearly a fortnight ago, was aimed at the council’s website service provider and involved the breach of over 13,000 email addresses.
A spokesperson claimed in a statement that the matter had been dealt with swiftly and that no services were affected.
“We are contacting everyone who has been affected to inform them of the incident and offer them advice and support. We have reassured individuals that the only details that have been accessed are their email addresses,” the statement said.
“The Information Commissioner’s Office has been informed and preventative measures have been taken by the web service providers.”
Barracuda Networks’ EMEA GM, Wieland Alge, said the incident highlighted the need for organizations to take full responsibility for the security of their data.
“The most important takeaway here is that just because your hosting service or CDN or cloud provider says that they provide ‘a secure environment’, it almost never means that they secure your web applications as well,” he added.
“Organizations should query their providers regarding specific web application security features and explore avenues of supplementing these.”
Matt Johansen, director of security services and research at WhiteHat Security, claimed cyber-attacks targeting website vulnerabilities have become an everyday occurrence.
He argued that the best way to improve defenses is to proactively check for and report web vulnerabilities before they’re exploited.
“According to our 2015 website security statistics report 86% of 30,000 websites have at least one serious vulnerability where an attacker could compromise the system and cause serious commercial or reputation damage,” said Johansen.
“And to add insult to injury, it takes an average of 193 days to remediate the vulnerabilities that are fixed – not to mention the 39% of flaws that are never closed.”