The city council's strategic director of city developments and neighbourhoods has provided an update on the cyber incident that was identified on 7 March.
“We have today been made aware that a small number of documents held on our servers have been published by a known ransomware group," said Richard Sword, Leicester City Council's strategic director of city developments and neighbourhoods.
“This group is known to have attacked a number of government, education and healthcare organisations.
“This relates to the cyber incident identified by the council on 7 March, which led to us closing down our IT systems.
“At the moment we are aware of around 25 or so confidential documents that have been published online. They include rent statements, applications to purchase council housing and identification documents such as passport information.
“The breach of confidential information is a very serious matter and its publication is a criminal act. We are in the process of trying to contact all of those affected by this breach, and have also notified the Information Commissioner.
“We realise this will cause anxiety for those affected, and want to apologise for any distress caused.
“At this stage we are not able to say with certainty whether other documents have been extracted from our systems, however we believe it is very possible that they have.
“We are continuing to work with the cyber crime team at Leicestershire Police and the National Cyber Security Centre as part of this ongoing criminal investigation.
“As this is a live investigation we are not able to comment in further detail, but will continue to give updates when we have news to share.”
Most of the council’s systems and phone lines are now back operating as normal after the council shut them down on 7 March. There is no reason for concern about conducting business as usual with the council.
The council is encouraging its staff and the public to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.
If anyone is approached by someone claiming to be in possession of data relating to them, they should report this to Leicestershire Police on 101 or online here
Advice to individuals and their families on how to protect themselves from the impact of data fraud is offered by the National Cyber Security Centre here
The council has published some FAQs about the cyber incident on its website