Sunderland City Council library database suffered cyber attack compromising customer data

• The library database holds information of almost 145,000 customer accounts, out of which, 45 accounts were accessed by hackers.
• The external company which provides and hosts the database is unable to identify which 45 customers' details have been accessed, therefore all library users are requested to remain vigilant.

Attackers broke into Sunderland City Council’s library database and accessed customers’ personal information.

What was compromised?

The library database holds information of almost 145,000 customer accounts, out of which, 45 accounts were accessed by hackers. The compromised information includes names, phone numbers, and dates of birth.

The external company which provides and hosts the database is unable to identify which 45 customers' details have been accessed, therefore all library users are requested to remain vigilant.

What was the immediate action taken?

• Sunderland City Council is working with the external company that hosts and provides the database to determine the impact of the incident.
• It is also working with the Information Commissioner's Office to investigate the incident.
• The council is taking the necessary remedial measures to avoid such incidents from happening in the future.
• It has also taken steps to review and enhance its existing security measures.
• Further, the council has requested the library users to be extra cautious while providing any personal details online.

Security measures in place

Fiona Brown, the council's executive director of neighborhoods, said that they have extensive organizational and security measures in place to protect customers’ personal information. However, Brown urges all contractors to provide evidence that they also have the same measures in place.

“We take the issue of cyber security extremely seriously and have robust procedures in place to guard against data loss including the use of encryption and other practical measures. That includes reviewing and reinforcing existing security measures, and liaising with the Information Commissioner’s Office and other regulatory authorities,” Brown said.