Oxford City Council Hit by Cyberattack Exposing Employee Personal Data

Oxford City Council has confirmed it was the target of a sophisticated cyberattack that resulted in the exposure of personal data belonging to employees, including those involved in council-administered elections over the past two decades.

The council detected an unauthorised presence within its network last week, prompting immediate action from its automated security systems.

These systems swiftly removed the intruder and minimised the extent of access the attackers had to council systems and databases.

In the aftermath, external cybersecurity specialists were deployed to assist with the incident response, and the council proactively took down its main systems to conduct comprehensive security checks and a thorough investigation.

These precautionary measures led to disruptions in some council services throughout the week.

Staff have been working diligently to reduce the impact on residents, and the council has apologised for any inconvenience caused to those attempting to access services during the outage.

Most systems are now safely operational, with the remaining few expected to come back online within days, as per a report by Oxford.

“As a result of these precautionary checks, we can confirm that the Council’s email systems and wider digital services remain secure and safe to use,” a council spokesperson stated.

However, the investigation revealed that attackers managed to access historic data stored on legacy systems.

Specifically, individuals who worked on Oxford City Council-administered elections between 2001 and 2022—including polling station workers and ballot counters—may have had some personal details accessed.

The majority of those affected are current or former council officers. Importantly, there is no evidence to suggest that the information accessed has been shared with third parties or that there was a mass download or extraction of data.

The council has initiated direct communication with all potentially affected individuals, explaining the situation, outlining available support, and detailing the steps being taken to prevent similar incidents in the future.

The council emphasised its commitment to data security and expressed deep regret over the breach.

“We know how important it is to protect the information we hold. We take that responsibility extremely seriously, and this unlawful breach of Council systems is deeply regrettable for all impacted,” the spokesperson added.

The incident has been reported to relevant government authorities and law enforcement agencies. A full investigation is ongoing to determine exactly what data was accessed and whether any information was removed from council systems.

Residents and employees are urged to remain vigilant and report any suspicious activity related to their personal data.

The council has reiterated its dedication to transparency and security as it works to restore full functionality and trust.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates