‘Sex life data’ stolen from UK government in record number of ransomware attacks

Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record ransomware attacks to hit Westminster in the first half of this year.

It is not known which department the information was stolen from, or why the government had the data, which the Information Commissioner’s Office (ICO) defines as “any data about a person’s sex life that is not related specifically with guidance or health.” ”, which could include using dating apps and period trackers.

According to the most recent tranche of security incident trends data published by the ICO, there have been 10 ransomware attacks on central government in the first six months of this year, doubling the total number of successful attacks on Whitehall departments since records began in 2019.

A sharp increase in incidents can be observed in several sectors. How reported from Recorded Future News, data previously released by the ICO showed that ransomware attacks reached record levels in 2022, with criminals compromising the data of at least 5.3 million people from more than 700 organizations.

But in the first half of 2023 alone, 667 organizations in the UK were already compromised by ransomware criminals, equivalent to just over 94% of the 706 affected last year, suggesting that efforts to tackle the criminal ecosystem are not proving to be effective.

The government did not respond to Recorded Future News about why it had sex life data. A Home Office spokesman said: “Ransomware is the most significant cyber threat facing the UK today. Defending the UK against ransomware attacks and reducing its impact on victims is a priority for this government.”

The data backs up comments from UK security minister Tom Tugendhat, who warned in September: “The UK is a prime target for cybercriminals. Their attempts to shut down hospitals, schools and businesses have wreaked havoc on the lives of people and cost the taxpayer millions. Unfortunately, we’ve seen an increase in attacks.”

Even in the first six months of this year, ransomware attacks have already broken the record in several critical sectors in the UK. Both central and local government reported more incidents in the first half of the year than in the previous three years.

Efforts to address the business model that drives financial cyberattacks on government systems have involved dozens of countries recently. signing a commitment as part of the Counter Ransomware Initiative to never pay an extortion fee in the event of an attack targeting “relevant institutions under the authority of our national government.”

At the time, Tugendhat said the pledge was “an important step forward in our efforts to disrupt highly organized and sophisticated cybercriminals, and establishes a new global standard that will help disrupt their business models and deter them from address our country”.

Responding to Recorded Future News for this story, an Interior Ministry spokesperson cited the pledge along with “the sanctioning of 18 Russian cybercriminals” as demonstrations of the government’s response to the criminal ecosystem.

“We will continue to use all the levers available to the Government to counter this heinous crime and hold these criminal actors accountable,” they added.

Data from the first half of this year that reveal a record number of incidents affecting the public sector do not cover the period when the pledge was active. However, even then it would not prevent payments from private sector organisations, which ICO data shows make up the bulk of the victims of the criminal ecosystem.

Almost every sector included in the ICO data looks set to experience a record number of ransomware attacks in 2023. Some, including Finance & Credit, Utilities & Technology, and Telecommunications, have already surpassed that mark.

The 87 attacks in the education and childcare sector resulted in 14 incidents in which data was stolen from up to 156,000 children, including one incident affecting between 1,000 and 10,000 children in which sexual orientation data were compromised by hackers.

Since 2019, there have been 19 incidents where children’s sexual orientation data was stolen from organizations in the sector.

Speaking earlier to Recorded Future News, Jamie MacColl, a researcher at the Royal United Services Institute (RUSI), whose work includes a research project on ransomware damage and the victim experience – said: “We have collected very little evidence that stolen or leaked personal data… is being systematically exploited by ransomware threat actors or other cybercriminals.

“However, this does not mean that there are no incidents where highly sensitive information about individuals has been published or sent to increase pressure. … During our investigation, we also learned of cases where actors in ransomware threat they had targeted schools and then sent safeguard data stolen to parents to get them to increase the pressure on schools to pay.”

In 2020, ransomware incidents accounted for 20% of all cyber incidents, before rising to 28% the following year. Ransomware attacks continued to increase to 34% in 2022 and, as of the first half of this year, now account for nearly two out of every five incidents.

Establishing the true scale of ransomware incidents is a challenge for officials trying to figure out how to tackle the problem. Victims are not required to report attacks to law enforcement, and blackmail extortion sites only provide a partial count of victims who refused to pay.

The ICO data is collected under UK data protection laws, which require companies to report personal data breaches to the regulator under the threat of being fined 4% of global turnover the organization if they do not make a report.

No company has ever received such a fine, and the dataset only covers ransomware incidents involving a personal data breach, meaning an attack involving server-level encryption may not require reporting.

Earlier this year, the National Cyber ​​Security Center and the ICO also published a joint blog entry saying they were “increasingly concerned” that ransomware victims were keeping incidents hidden from both law enforcement and regulators.

Despite the limitations of the ICO data, experts such as RUSI’s MacColl have told Recorded Future News that it is “probably the most comprehensive public dataset on the frequency of ransomware attacks in the UK”.