Hackney Council is to spend hundreds of thousands of pounds more than planned as part of work to recover from a cyber attack in 2020.
Councillor Robert Chapman said the borough’s “financial predicament remains serious”, with the overall total overspend for the accounting year at about £37m.
The council’s accounts show that £344,000 has gone towards hiring more agency staff, partly to manage a backlog caused by the attack.
A further £413,000 is being spent on IT consultants with “cybersecurity knowledge”.
In January 2021 a criminal group posted personal details of council staff and residents on the dark web following a ransomware attack three months earlier.
In July of this year, the Information Commissioner’s Office (ICO) rebuked the local authority for a “lack of proper security and processes to protect personal data”.
Stephen Bonner, deputy commissioner at the ICO, called the breach a “clear and avoidable error” by the council, after the regulator found “simple mistakes like having dormant accounts where the username and password are the same”.
“Whilst nefarious actors may always exist, the council failed to effectively implement sufficient measures that could have better protected their systems and data from cyber-attacks,” Mr Bonner added.
“Time and time again, we see breaches that would not have happened if such mistakes were avoided,” he said.
Responding at the time, Hackney Council disagreed with the ICO’s findings, saying it had not been in breach of its security obligations.
In 2023, the council announced it would purchase a new “off-the-shelf” housing system to deal with ongoing tech problems following the hack.
The fallout from the cyber-attack has exacerbated the “challenging financial environment” for the borough, council reports state, especially due to a real-terms fall in government funding of almost 40% since 2010.