Adur & Worthing Councils launch investigation into new contractor data breaches

Released: Thursday, 15 June 2023

Adur & Worthing Councils have launched an investigation after two of our contractors were caught up in an international data breach.

Debt collection agencies Rundles and Jacobs have contacted us to say that the data of 84 Adur and Worthing residents may have been accessed by a criminal gang as part of a cyber attack on businesses and organisations around the world.

We use the companies to pursue unpaid debts. The companies had been using the MOVEit computer system to send letters to the residents when the software was illegally hacked on or after 31st May 2023.

An international hacking gang has claimed responsibility online for the attack. It has demanded ransoms from some businesses but has said that it has deleted its copy of data it took from local authorities, law enforcement agencies and government departments.

We were told on Tuesday 13th June that Adur and Worthing residents were among the victims. The Rundles data breach involves 79 residents while the Jacobs breach involves five residents.

An investigation was immediately launched to identify who those victims were and if more members of the community could have been targeted.

We have been told the data included residents' names, addresses, details of debts they owe us and reference numbers. The contractors have told us that MOVEit is no longer able to be accessed by the hackers and that data is at no further risk.

At this stage we believe the risk to the residents is very low, but we are writing to those involved to inform them and to apologise.

We have also written to the Information Commissioner's Office - the independent body set up to uphold people's information rights - to ensure it is aware of what has happened. We have also contacted the national cyber security team at the Department for Levelling Up, Housing and Communities for assistance.

An Adur & Worthing Councils spokesperson said:

“We are extremely unhappy that some of our residents' data has been able to be accessed in this way.

“Although the risk to our residents in this case appears to be low, they have the right to expect their personal data to be protected.

“We treat data protection extremely seriously and are currently identifying each and every one of our residents that has been affected so that we can contact them to apologise.

“We are also liaising with the national cyber-security team, the Information Commissioner and our contractors to ensure that everything is being done to prevent something like this happening again.”

This incident is not connected to a data breach involving another of our contractors, Capita, which became public last month.

There is no need for you to do anything unless we contact you on this issue.

However, if you have any concerns you can contact our data protection officer by emailing:

(PR23-078)

Back to top

Page last updated: 20 February 2024

Back to top