Initial reports suggested that there was no breach of customer data. The incident seems to be linked to East Kent Service (EKS), a collaborative IT and HR services provider that all three councils use.
ComputerWeekly.com reported:
In the case of Canterbury, Computer Weekly understands services including its planning department, online forms and maps have been taken offline, while Dover residents have lost access to online forms, and Thanet also appears to have lost its planning department and online forms.
The precise nature of the attacks remains undisclosed, although they do bear some hallmarks of a ransomware incident. In this instance, the facts of the three victims’ proximity to one another, and the similar nature of the services impacted, indicate the attacks may share a common thread.
Source of information: Neighbouring Kent councils hit by simultaneous cyber attacks
Choosing an IT Service Provider
An IT service provider has access to all of your systems at admin level, which gives them access to all of your personal data. A DPIA (data protection impact aassessement) will help you identify any risks arising out of the processing of your personal data and help to minimise those risks as far and as early as possible. Have you completed a DPIA on your IT service provider?We recommend doing this as part of your third party due diligence and can provide help and guidance around this using our Supplier Due Diligence Best Practice.
We have guidance about changing your IT provider: document DPE Changing IT Provider Considerations (205 KB)
The DfE Digital Standards for Schools and Colleges advises that it is the school's responsibility to ensure they meet any technical standards and security measures (including those around data protection).
Our customers have access to a series of checklists to help with their compliance, such as the Information and Cyber Security checklist (accessible with a valid DPE subscription):