Council data breaches since 2020
Dear Greenwich Borough Council,
Under the Freedom of Information Act, I would like to request the following information.
- The number of data breaches your council has been victim to in the 2020, 2021, 2022 and 2023 calendar years.
- How many people were affected by each data breach.
- What type of data breach each one was.
A data breach is when sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual who is unauthorised to do so. It includes:
- Malware attack
- Phishing attack
- Brute force attack
- SQL injection attack
- Business Email Compromise (BEC)
- Stolen information
If you require any further clarification or have any questions, please let me know.
Yours faithfully,
Jamie Dixon
Dear Mr Dixon,
FOI request: FOI-1449
Thank you for your request dated 29/02/2024
Your request will be answered by 28/03/2024
If you have any queries about this request, please contact me, quoting the
reference number above.
Yours sincerely,
David White
Head of Information, Safety and Community Services
Directorate of Communities, Environment and Central
Royal Borough of Greenwich
* 3^rd Floor, The Woolwich Centre, 35 Wellington Street, London, SE18
6HQ
8 [1]www.royalgreenwich.gov.uk
ü Please consider the environment before printing this email
Dear Mr Dixon,
FOI request: FOI-1449
Thank you for your request dated 29/02/2024
Your request is currently being dealt with under the terms of the Freedom
of Information Act 2000 and will be progressed as soon as we have received
the clarification requested below.
Please clarify of you are seeking information only on the types of breach
that fall under the categories you have listed below (cyber security
incidents)? –
- Malware attack
- Phishing attack
- Brute force attack
- SQL injection attack
- Business Email Compromise (BEC)
- Stolen information
Please quote the reference number in your reply.
If we have not received clarification within 2 months of this email, we
will close the request.
Yours sincerely,
David White
Head of Information, Safety and Community Services
Directorate of Communities, Environment and Central
Royal Borough of Greenwich
* 3^rd Floor, The Woolwich Centre, 35 Wellington Street, London, SE18
6HQ
8 [1]www.royalgreenwich.gov.uk
ü Please consider the environment before printing this email
Dear David,
Thanks for your reply! I can confirm I am requesting information on breaches that fall under these categories:
- Malware attack
- Phishing attack
- Brute force attack
- SQL injection attack
- Business Email Compromise (BEC)
- Stolen information
Yours sincerely,
Jamie Dixon
Dear Mr Dixon
FOI-1449
Thank you for your clarification dated 14/03/2024.
Your request has been reopened and will now be answered by 11/04/2024.
If you have any queries about this correspondence, please contact us
quoting the reference number above.
Yours sincerely,
David White
Head of Information, Safety and Community Services
Directorate of Communities, Environment & Central
Royal Borough of Greenwich
* 3^rd Floor, The Woolwich Centre, 35 Wellington Street, London, SE18
6HQ
8[1]www.royalgreenwich.gov.uk
ü Please consider the environment before printing this email
Dear Mr Dixon,
Freedom of Information request: FOI-1449
Thank you for your request dated 14/03/2024
Our response is as follows:
- The number of data breaches your council has been victim to in the 2020,
2021, 2022 and 2023 calendar years. – 1 in 2023 that potentially falls
within the categories listed
- How many people were affected by each data breach. - none; the breach
occurred when a test server was accessed, affecting a document that did
not include personal data. As personal data was held on the server, the
breach has been recorded, although there is no evidence that any personal
data was accessed. This was externally validated by the council's cyber
security partner.
- What type of data breach each one was. – unauthorised access/ransomware
If you have any queries about this correspondence, please contact me,
quoting the reference number above.
If you are not satisfied with our response to your request, you can ask
for an Internal Review. Internal review requests must be submitted within
two months of the date of receipt of the response to your original
request. If you wish to do this, please contact us in writing, setting
out why you are dissatisfied.
If you are not satisfied with the outcome of the Internal Review, you may
apply directly to the Information Commissioner (ICO) for a decision.
Generally, the ICO cannot make a decision unless you have exhausted the
Internal Review procedure provided by the Council. You can contact the ICO
by emailing [1][email address], or by post at Customer Contact,
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
SK9 5AF.
Yours sincerely,
David White
Head of Information, Safety and Community Services
Directorate of Communities, Environment and Central
Royal Borough of Greenwich
* 3^rd Floor, The Woolwich Centre, 35 Wellington Street, London, SE18
6HQ
8[2]www.royalgreenwich.gov.uk
ü Please consider the environment before printing this email
From: foi <[Greenwich Borough Council request email]>
Sent: Thursday, February 29, 2024 1:47 PM
To: 'Jamie Dixon' <[FOI #1094637 email]>
Cc: foi <[Greenwich Borough Council request email]>
Subject: FOI-1449 - Council data breaches since 2020
Dear Mr Dixon,
FOI request: FOI-1449
Thank you for your request dated 29/02/2024
Your request will be answered by 28/03/2024
If you have any queries about this request, please contact me, quoting the
reference number above.
Yours sincerely,
David White
Head of Information, Safety and Community Services
Directorate of Communities, Environment and Central
Royal Borough of Greenwich
* 3^rd Floor, The Woolwich Centre, 35 Wellington Street, London, SE18
6HQ
8 [3]www.royalgreenwich.gov.uk
ü Please consider the environment before printing this email
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now