NEW details have been released in relation to incidents where Cornwall councillors fell victims to hackers.

An all-member briefing was held on Thursday (October 4) at County Hall about online safety after councillors were hacked on three different occasions.

Paul Masters, strategic director for neighbourhoods, gave an outline of the incidents in his presentation.

However he told councillors that hacking incidents were not the biggest problem for the council.

Mr Masters said the council had around 200 “information losses” in the past year.

He said most of these involved “posting the wrong things to the wrong addresses” or emailing information to the wrong people.

He added that some cases had involved social care records being sent to the wrong people.

Mr Masters also highlighted a recent incident where an email had been sent out to the parents of disabled children but had included the email address of all recipients which he said was “technically a breach”.

He explained to councillors that the Information Commissioner, which oversees and investigates any data breaches, had only ever conducted one formal investigation into the council which resulted in advice being given for future practice.

Mr Masters said he did not know how the council’s figure of 200 data losses a year compared to other authorities as such information was not released.

He added: “I don’t think 200 is a big number.”

Turning to the incidents where councillors had been hacked, the first involved a hacker getting access to the councillor’s Office 365 account and then writing an email that was sent to every single person in the councillor’s contacts and which encouraged them to click on a link.

That link went to a malicious website which would then compromise their own information.

Mr Masters said the hacker also put an auto-forward rule onto the councillor’s email so every message that was sent to them was passed directly to the hacker.

Councillors were also told of two other incidents where councillors had clicked on links which had been sent to them which gave hackers access to their email accounts.

In all three cases councillors, staff and all those who had received emails from those councillors affected were advised to change all their passwords.

Mr Masters told councillors that the origins of the hacking attempts had been from academic institutions abroad and in Nigeria.

He advised councillors to be careful with how they access their email and warned them not to auto-forward emails from their council email address to their own personal email addresses.

Councillors were also told to be aware about making sure that passwords were strong and secure.

Mr Masters said recent work at the council found that a large number of people had used passwords such as Cornwall1, Cornwall2, Cornwall3 and so on.

He said: “With something like that you can take a pretty good guess for what the password might be.”

It was revealed that during September 692,257 emails which were sent to the council were blocked as they were deemed suspicious – that was 42% of all emails sent to council accounts.

Councillors were also warned to be careful with information provided to them from the council and how they stored it.

Mr Masters recalled how a social worker had come to see him after visiting a councillor and finding that they had paperwork relating to housing cases which had personal information included in it open in their house.

He explained that while it was fine for councillors to have that sort of information they had to take care to ensure they did not leave it in places where others could access or see it.

The council is also planning to introduce a new system which will mark emails clearly for councillors so that they know whether they are for public view, for private view within the council or confidential.