Oxford City Council election workers from 2001 to 2022 had personal information accessed by hackers in an attack over the weekend of 7 to 8 June.
The council has issued a statement disclosing that the hackers had been able to access some historic data on what it called “legacy systems”.
Its statement said an “unauthorised presence was detected within our network [on 7-8 June]. Our automated security systems kicked in, removed the presence and minimised the access the attackers had to our systems and databases.
“We then rapidly deployed external cyber security specialists to support us and proactively took down each of the council’s main systems to carry out full security checks and investigate the incident,” it said.
The council added that some disruption had been caused to some of its services because of the measures it had to take, taking down each of its main systems. That work was carried out by what it described as “external cyber security specialists”.
Investigation into the incident is ongoing, confirmed the council, as it continues to “identify as precisely as we can what was accessed and what, if anything, might have been taken out of our systems. There is no evidence of a mass download or extraction of data.
“We have already taken action to prevent any further unauthorised access to our systems, and we have reported the incident to the relevant government authorities and law enforcement agencies,” it added.
Local government has been a regular target for cyber attackers in recent years. In January 2024, three local authorities in Kent – Canterbury City Council, Dover District Council and Thanet District Council – all fell prey to attacks that took multiple citizen-facing systems offline. The National Cyber Security Centre worked with all three at the time to help respond and remediate.
In October 2024, local government bodies were invited to take advantage of an NCSC-derived Cyber Assessment Framework (CAF) by the Ministry of Housing, Communities and Local Government (MHCLG).
At the time, Ben Cheetham, deputy director of digital at MHCLG, said the launch of the CAF represented a new focus for the department in terms of cyber resilience.
“To date, MHCLG’s cyber support for councils has focused on remediating serious vulnerabilities to help improve the sector’s resilience to malware and ransomware,” he said.
“With the evolving cyber threat, it is now time to turn our attention to how we support councils to strengthen their cyber resilience for years to come.
“The CAF for local government helps organisations assess and improve their cyber security through a risk-based and holistic approach,” said Cheetham. “This requires collaboration across the organisation, breaking down perceptions that cyber security is purely an IT issue.”
Words of reassurance
At present, Oxford City Council is stressing its recovery from the incident, together with words of reassurance to those whose personal information has been exposed to the attackers.
“We’re pleased to say that most of our systems are now safely up and running again, and the remaining systems should be back online this week,” it said, in a statement dated 19 June.
“We understand that people will be concerned, and today we have individually contacted people potentially affected to explain what happened, what support is available, and the steps we’re taking to ensure something like this doesn’t happen again.”
