Oxford City Council recovering from cyberattack

Intruder accessed historic personal data

Oxford City Council (OCC) detected and shut down an “unauthorised presence” in its network, although the attackers still managed to access some data.

According to the council’s statement the intruder was able to access “historic data on legacy systems” over the weekend of 7th and 8th June. Some of that includes personal information:

“We have now identified that people who worked on Oxford City Council-administered elections between 2001 and 2022, including poll station workers and ballot counters, may have had some personal details accessed. The majority of these people will be current or former Council officers.”

The unauthorised access did not affect OCC's services, but the external cyber specialists it brought in did: they took down each of the council’s main systems to carry out full security checks, as a precautionary measure.

Some services were disrupted over the last week as a result, and OCC has apologised for past and ongoing disruption. Most systems are now back up and running.

While the council has not said how the attacker got in, it notes that its automated security systems “kicked in, removed the presence and minimised the access the attackers had to our systems and databases.”

OCC is now working to identify exactly what was accessed and what data may have been exfiltrated. It has reported the incident to the relevant authorities and law enforcement.

Local authorities are ripe targets for cyber criminals due to rapid digitisation, a lack of training or understanding from all stakeholders, and the sensitivity of the data they hold.

Sylvain Cortes, VP of strategy at Hackuity, told us:

“The digital age creates new points of vulnerability for councils and this incident comes hot on the heels of a spate of retail-sector attacks. It reinforces that organisations across all sectors must have the fundamental building blocks of security in place.”