Ealing Council facing £501,000 fine after its network was hit by a virus that crippled it for weeks

Ealing Council was hit by a virus in May that crippled its network for several weeks.

According to the London Evening Standard, a worker accidentally plugged an infected memory stick into a computer that forced the council to cut internet and phone links to preserve “core systems and data”. The network was then re-infected twice in the next week causing further shutdowns, with all terminals having to be rebuilt or replaced.

The report claimed that the incident happened in May when an unidentified worker plugged the memory stick into a computer at the council's social services and housing department in Southall.

The entire computer network was totally disabled for four days, while a report said that 1,838 parking tickets had to be cancelled, rent could not be collected and repairs were re-ordered because contractors' invoices could not be checked. Further, libraries lost £25,000 because they could not take money for fines and booking fees and a further £14,000 went on overtime to clear a backlog of housing benefit claims.

This left Ealing Council with a £501,000 bill for the emergency recovery and in lost revenue. A report being considered by councillors warned that the final cost could top £1.1 million if a new computer security system is needed.

A council spokesman told thisislondon.co.uk: “The council acted immediately to protect all data and ensure that essential frontline services could continue to operate. Costs to the council included urgent work to recover computer systems and prevent the virus from spreading.”

Jason Holloway, regional sales manager Northern Europe for SanDisk, commented:  “The specific virus hasn't been named, but it seems certain that it exploited the Windows Autorun vulnerability to upload itself and spread. It underlines that fact that conventional USB flash drives have become a key method for spreading infections stealthily – as the US Army found last year.

“It also shows that virus scanning has to extend beyond the PC to all types of removable storage or – better still – that employees should be issued with company flash drives that include on-board anti-virus scanning. This ensures that users can't turn off, disable or work around the protection, and would stop these USB-borne infections from spreading.”

Sign up to our newsletters