A ‘cyber attack’ has hit authorities across Greater Manchester — leaving thousands vulnerable to a phishing scam.
The attack, which initially hit one borough last week and spread over the weekend, on software company Locata has downed the housing websites for Manchester, Salford, and Bolton councils.
It has also led to thousands of users being sent a phishing email asking them to ‘activate your tenancy options’ and hand over personal data.
Locata, which provides housing software for councils across the country, has apologised for the disruption.
A statement from the firm said: “On July 29, we identified an IT security incident which impacted a small number of public facing websites which Locata Housing Services run on behalf of local authorities.
“We moved quickly to manage the issue and, working with third-party IT experts are investigating the matter. We have informed those local authorities impacted and our investigation is ongoing. We are keeping them updated and are working to resolve this matter as soon as possible. We would like to apologise for what has happened.”
Locally, authorities said they were ‘aware’ of the attack and scam.
Bolton was also affected, a spokesperson confirmed: “We are aware of a cyber attack against Locata, a third party software company which supplies many local authorities in the UK.
“Some people registered on the Homes for Bolton choice-based lettings service have been targeted by an email phishing scam as a result. We urge people to be extra vigilant.
"If you believe you may have received a phishing email and already clicked on a link or shared personal information, please follow the guidance on the UK national Cyber Security Centre website as soon as possible. All registered individuals on the system have been contacted and advised accordingly.”
A message on the Homes for Bolton website states:
"Site under maintenance
"The Homes for Bolton website is currently temporarily closed for public access whilst administrative maintenance is undertaken. If you require urgent housing assistance please contact the Homes for Bolton team tel: 01204 335811 or email: homesforbolton@bolton.gov.uk Please be advised that shortlists may still be processed and you may still receive contact from the Homes for Bolton team and our partner landlords if you have a current application"
A Manchester council spokesperson said: “We are aware that following a cyber attack over the weekend that some Manchester Move applicants have received a scam email asking them to create a new account to progress their application.
“Only the public facing section of the website was impacted and so limited personal data was breached, however we would ask any applicants to delete any suspicious looking emails and do not click on any links if you’re not sure they’re from a trusted source. Manchester Move would never request personal information via a link – but if you are unsure or you want to check your account, please get in touch.
“Following the breach, the Manchester Move website was quickly taken offline to stop any further activity and to allow the site supplier to analyse the site and review its safety. The phishing site has already been removed so the link in the scam email cannot work – and the Council has also referred the breach to the Information Commissioner’s Office.
“We take holding and protecting personal data seriously and we are working closely with the website supplier to ensure it is safe – and the Manchester Move website will remain deactivated until we are satisfied that we can avoid similar incidents in the future. We apologise for any inconvenience caused.”
They added applicants can contact Manchester Move on mcchscrg.admin@manchester.gov.uk or contact their Housing provider where their application is held. The advice to anyone who clicked the phishing link or shared personal information is to follow UK National Cyber Security Centre guidance.
Salford was also hit by the breach. Initially, it was targeted last week.
“The Salford Home Search website has been the victim of a cyber breach, in order to keep residents’ personal information safe the service has been temporarily suspended at the request of Salford City Council,” a spokesperson said. “The software behind the system is not controlled by Salford City Council it is managed and maintained by a third party company.
“As a result of this breach some customers may have received phishing emails encouraging them to click links and add personal data to an alternative website. The company responsible are unable to confirm to what extent personal data has been revealed. The council is therefore urging Salford Home Search users that may have clicked on links in emails to follow the below steps.”
It recommends ‘monitoring your bank account for any suspicious activity’, ‘contacting your bank immediately if you clicked a link’, ‘if you have lost money report it immediately to Action Fraud’, ‘change your passwords if you have any other accounts with the same password as your Salford Home Search Account’ and ‘consider signing up for free credit report’.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel