Oxford City Council says a cyberattack earlier this month resulted in 21 years of data being compromised.

It said "some historic data on legacy systems" was accessed by unauthorized attackers, namely the personal information of people who worked on council-administered elections between 2001 and 2022.

The majority of those affected are thought to be either current or former council officers, and the authority assured the public that the incident was limited in scope.

[1]

According to a [2]statement posted to the council's website on Thursday, "there is no evidence to suggest that any of the accessed information has been shared with third parties.

[3]

[4]

"Investigations continue to identify as precisely as we can what was accessed and what, if anything, might have been taken out of our systems. There is no evidence of a mass download or extraction of data.

"We understand that people will be concerned and today we have individually contacted people potentially affected to explain what happened, what support is available, and the steps we're taking to ensure something like this doesn't happen again."

[5]

The attack took place over the weekend of June 7-8 and the council's automated security systems picked up on the activity and revoked the attackers' access.

External cybersecurity experts were called in to manage the cleanup, during which key council systems and services were shut down last week, including those related to payment processing.

Oxford City Council assured residents that most of its services are back up and running, and are safe to use. However, a banner remains atop its website warning that some issues remain and technical staff are working to resolve them.

[6]

Sylvain Cortes, VP of strategy at Hackuity, said the break-in is the result of local authorities undergoing digital transformations.

"Local authorities remain high-value targets for cybercriminals," he said. "It's a sector that's undergoing rapid digitization to move services online and faces growing risks from attackers aiming to access sensitive data on citizens and employees.

"The digital age creates new points of vulnerability for councils and this incident comes hot on the heels of a spate of retail-sector attacks. It reinforces that organizations across all sectors must have the fundamental building blocks of security in place."

[7]Scottish council admits ransomware crooks stole school data

[8]'Once in a lifetime' IT outage at city council hit datacenter, but no files lost

[9]Medusa ransomware group claims attack on UK's Gateshead Council

[10]Leicester streetlights take ransomware attack personally, shine on 24/7

The Oxford attack is the latest of many to affect UK councils. In 2025 alone, [11]Gateshead and [12]West Lothian councils have reported material attacks on their systems, with ransomware groups claiming responsibility for both.

Nottingham City Council also suffered a [13]freak service outage earlier this year, which turned off the lights at the authority's office building, although that was caused by a datacenter electrical fault rather than intruders.

And while some organizations struggled to keep the lights on, so to speak, others had the opposite problem.

Among the additional attacks on local authorities that occurred last year was the [14]ransomware hit on Leicester City Council , which caused it to lose control of the city's streetlights, a number of which would not power down during the day, shining 24/7, much to the discontent of residents.

The pro-Russia DDoS specialists at the group known as NoName057(16) also [15]turned their attentions to UK councils toward the back end of 2024, rendering many authorities' websites inaccessible for days in some cases. ®

Get our [16]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aFWFl0fyKu-dPv7f3h4G-gAAAkw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://www.oxford.gov.uk/news/article/1704/statement-on-cyber-security-incident

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aFWFl0fyKu-dPv7f3h4G-gAAAkw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aFWFl0fyKu-dPv7f3h4G-gAAAkw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aFWFl0fyKu-dPv7f3h4G-gAAAkw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aFWFl0fyKu-dPv7f3h4G-gAAAkw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/

[8] https://www.theregister.com/2025/03/19/nottingham_outage_sitrep/

[9] https://www.theregister.com/2025/01/17/gateshead_council_cybersecurity_incident/

[10] https://www.theregister.com/2024/04/23/leicester_streetlights_ransomware/

[11] https://www.theregister.com/2025/01/17/gateshead_council_cybersecurity_incident/

[12] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/

[13] https://www.theregister.com/2025/03/19/nottingham_outage_sitrep/

[14] https://www.theregister.com/2024/04/23/leicester_streetlights_ransomware/

[15] https://www.theregister.com/2024/11/01/uk_councils_russia_ddos/

[16] https://whitepapers.theregister.com/