Received on 9 May 2017
Sent: 09 May 2017 17:54
Subject: FOI request - external electronic data breaches
I would like to make a request under the Freedom of Information Act 2000 relating to cyber attacks on your organisation.
To be clear, by "cyber attack" I am referring to the unauthorised external accessing or deliberate disruption of a computer system or a device owned and/or operated by your organisation.Types of cyber attack could include, but are not limited to: ransomware, denial of service, phishing and spear phishing.
By data, I refer to any information held on your computer systems or devices
Please could you answer the following:-
1) Does your organisation keep an incident log of cyber attacks?
2) How many cyber attacks - attempted and successful - were recorded against your organisation in the last three financial years (ie 2014/15, 2015/16, 2016/17)?
3) Where cyber attacks were successful, what kind and amount of data, if any, was lost or stolen? Was it confidential?
For each case, please confirm:
4) The type of attack (eg ransomware, denial of service etc)
5) What demand, for example a Bitcoin payment, was made to resolve the attack? Did your organisation comply?
6) Whether the attack was reported to police or other responsible authority? To the best of your knowledge, was the attacker traced/convicted?
If possible, please provide this information in Excel spreadsheet format.
Responded on 7 June 2017
Sent: 07 June 2017 16:40
Subject: RE: FOI request - external electronic data breaches (FOI_2017_38)
Case Reference: FOI_2017_38
7 June 2017
Thank you for your request for information dated 9 May 2017 concerning cyber-attacks on the British Council. Your request has been handled under the terms of the Freedom of Information Act (FOIA) 2000 and has been passed to me for reply.
Please find attached an excel spread sheet which provides the information you have requested.
I hope the information provided has been useful.
If you are dissatisfied with the handling of your request, you have the right to ask for an internal review. Internal review requests should be submitted within two months of the date of receipt of the response to your original letter and should be addressed to:
Information Governance Advisor (Disclosures)
Information Governance and Risk Management
58 Whitworth Street
If you are not content with the outcome of the internal review, you have a right to appeal to the Information Commissioner for a decision at:
The Information Commissioner’s Office
Phone: 0303 123 1113
Information Governance Advisor (Disclosures) | Information Governance and Risk Management Team