Trafford bin collection firm suffers major cyber attack with contracts, passports, financial details leaked publicly - Manchester Evening News

The company in charge of Trafford’s bin collections and cleaning the borough’s street has suffered a major cyber attack and sensitive personal, financial and commercial details have been leaked.

Amey PLC, which has a super contract with Trafford council to manage its infrastructure, was targeted by Mount Lock ransomware group in an incident the company has labelled ‘complex’.


Elsinore Street, Old Trafford (Image: Manchester Evening News)
It’s understood that the ransomware attack began in mid-December 2020 and is ongoing. The group behind the attack, Mount Locker, are demanding $2billion from the firm.

Mount Locker, believed to be behind the attack, has been known to demand multi-million dollar ransom payments from its victims in the past.

On December 16 2020, the ransomware group breached Amey’s computer systems for the first time.

From December 26, the group started publishing Amey’s proprietary data on their leak site.


Thorpe Street, Old Trafford (Image: Manchester Evening News)
Since then, leaked documents dumped on the website include contracts, financial documents including bank statements and loan records, confidential partnership agreements, Non-Disclosure Agreements.

Other documents leaked include correspondence between Amey and UK government departments and councils, scans of passports, driving licenses, and identity documents of company employees and directors, financial reports, employment records (new hire offers and resignation letters), technical blueprints (of Manchester Metrolink railways, for example) and meeting minutes.


According to the Mount Locker, as of January 3, the size of the entire stolen data set they took from Amey is 143 GB, of which about half has now been published on the leak site.

Two streets in Greater Manchester have some of the fastest internet speeds
Two streets in Greater Manchester have some of the fastest internet speeds (Image: Dominic Lipinski/PA Wire)
A spokesperson for Amey said: “Late last year, Amey became aware of a complex IT security incident and based on our investigations to date, a portion of our data was compromised. We have reported the incident to the Information Commissioner’s Office, the National Cyber Security Centre and the National Crime Agency.

“We continue to work with world-leading cyber-security experts to manage and assess the impact of this incident and are liaising with clients to keep any disruption to a minimum.”