Oxford City Council has confirmed that a recent cyberattack led to the unauthorized access of personal information related to electoral activities spanning 21 years, specifically from 2001 to 2022. The data breach, which potentially affects current and former council officers, was announced following the incident that occurred during the weekend of June 7-8. According to the council’s official statement, authorities are actively investigating the incident to determine the full scope of data accessed.
In a bid to reassure the public, the city council emphasized that there is no evidence indicating that the compromised data has been shared with outside entities. The statement further clarified, “Investigations continue to identify as precisely as we can what was accessed and what, if anything, might have been taken out of our systems. There is no evidence of a mass download or extraction of data.” Individual contacts have been made to those affected, informing them about the situation and the support available.
The council’s automated security systems swiftly detected the breach and terminated the attackers’ access. As a precautionary measure, external cybersecurity experts were engaged to aid in the response efforts, prompting the shutdown of several key council systems and services, including those involved in payment processing. Although many services are now operational, a cautionary banner remains on the council’s website, alerting users to ongoing technical issues.
Sylvain Cortes, VP of strategy at Hackuity, remarked on the growing vulnerability of local authorities amidst increasing digitization. “Local authorities remain high-value targets for cybercriminals, facing burgeoning risks associated with the online transformation of services,” he noted. The attack on Oxford City Council mirrors a troubling trend, as other UK councils such as Gateshead and West Lothian have similarly experienced attacks this year, reiterating the necessity for robust cybersecurity measures across all sectors.