The Request

Received on 9 May 2017


Sent: 09 May 2017 17:54

To: IG_Disclosures

Subject: FOI request - external electronic data breaches

Dear sir/madam,

I would like to make a request under the Freedom of Information Act 2000 relating to cyber attacks on your organisation.

To be clear, by "cyber attack" I am referring to the unauthorised external accessing or deliberate disruption of a computer system or a device owned and/or operated by your organisation.Types of cyber attack could include, but are not limited to: ransomware, denial of service, phishing and spear phishing.

By data, I refer to any information held on your computer systems or devices

Please could you answer the following:-

1) Does your organisation keep an incident log of cyber attacks?

2) How many cyber attacks - attempted and successful - were recorded against your organisation in the last three financial years (ie 2014/15, 2015/16, 2016/17)?

3) Where cyber attacks were successful, what kind and amount of data, if any, was lost or stolen? Was it confidential?

For each case, please confirm:

4) The type of attack (eg ransomware, denial of service etc)

5) What demand, for example a Bitcoin payment, was made to resolve the attack? Did your organisation comply?

6) Whether the attack was reported to police or other responsible authority? To the best of your knowledge, was the attacker traced/convicted?

If possible, please provide this information in Excel spreadsheet format.


Our Response

Responded on 7 June 2017

From: IG_Disclosures 

Sent: 07 June 2017 16:40


Subject: RE: FOI request - external electronic data breaches (FOI_2017_38)

Case Reference: FOI_2017_38

7 June 2017


Thank you for your request for information dated 9 May 2017 concerning cyber-attacks on the British Council. Your request has been handled under the terms of the Freedom of Information Act (FOIA) 2000 and has been passed to me for reply.

Please find attached an excel spread sheet which provides the information you have requested. 

I hope the information provided has been useful. 

If you are dissatisfied with the handling of your request, you have the right to ask for an internal review. Internal review requests should be submitted within two months of the date of receipt of the response to your original letter and should be addressed to: 

Information Governance Advisor (Disclosures)

Information Governance and Risk Management 

British Council

Bridgewater House

58 Whitworth Street


M1 6BB 


If you are not content with the outcome of the internal review, you have a right to appeal to the Information Commissioner for a decision at: 

The Information Commissioner’s Office

Wycliffe House

Water Lane




Phone: 0303 123 1113 


Yours sincerely

Information Governance Advisor (Disclosures) | Information Governance and Risk Management Team