Thousands of “potentially damaging” pieces of information, including passwords for civil servants, are for sale on the dark web, an investigation has found.
The information, believed to include the usernames and passwords of staff in councils across the North East, was available for as little as £1,000, according to the firm Bondgate IT.
The firm looked at nine local councils using monitoring software, and found that all nine had data that was available for purchase on the dark web.
The company’s monitoring service also found 13,000 compromised items relating to universities.
Using the data, hackers could potentially gain access to the accounts of council staff to release funds, bring down websites, or send targeted phishing emails purporting to be from the local authority.
It comes after a serious cyber attack on Redcar and Cleveland Council last year, which left it without online services for weeks, and was estimated to cost £10 million.
Garry Brown, the managing director of Bondgate IT, said: “Local authorities and universities across the region have taken tremendous strides in updating their IT security, educating staff, and reducing the threat posed by ransomware.
“However, the increasing amount of data being offered for sale on the dark web highlights the need for ongoing vigilance when it comes to IT security.
“The danger is that a hacker accesses a staff member’s email and their contacts. It is then easy to steal their identity, gain commercial insights, circulate malware and ransomware, issue instructions to release funds, and access sensitive information.”
Last year, councils reported more than 700 data breaches to the Information Commissioner’s Office (ICO).
In January, it was revealed that hackers had published data stolen from Hackney Council on the dark web.
The dark web is not accessible through normal searches such as Google, but requires specialist software to access which hides user data so that criminals can access illegal content such as drug marketplaces and child pornography anonymously.
A National Cyber Security Centre (NCSC) spokesman said: “In conjunction with law enforcement partners, the NCSC works closely with local authorities to advise on cyber security best practice, mitigate against threats and support incident responses.
“We strongly encourage all local authorities to adopt the NCSC’s Active Cyber Defence services, which help mitigate the majority of cyber threats the majority of time.”
Sign up to the Front Page newsletter for free: Your essential guide to the day’s agenda from The Telegraph – direct to your inbox seven days a week.Internet Explorer Channel Network