Following the refusal of London councils to pay the ransom, the Black Basta gang has published 500GB of sensitive data on the dark web. The leak includes scanned passports, council tax records, and social care case files for thousands of residents in Kensington, Chelsea, and Westminster.
Business Impact
This is the “worst-case scenario” realized. The exposure of highly sensitive vulnerable resident data creates severe safeguarding risks and opens the councils to massive GDPR fines and class-action lawsuits. Trust in local government digital services has been severely damaged.
Why It Happened
The UK government maintains a strict policy against paying ransoms. While this discourages future attacks, the immediate consequence is the weaponization of stolen data. Black Basta followed through on their threat to punish the victim for non-payment.
Recommended Executive Action
Public sector leaders must prepare crisis communication strategies for data leaks. Ensure that “identity protection” monitoring services are pre-contracted and ready to deploy to citizens immediately upon a confirmed leak.
Hashtags: #DataLeak #London #BlackBasta #Privacy #GDPR #PublicSector #CyberCrime #InfoSec