Attackers were able to access personal details of election staff between 2001 and 2022.
Oxford City Council has said it was subject to a cybersecurity incident over a recent weekend.
In a statement, it said it detected “an unauthorised presence” on the weekend of 7th and 8th June. ”Our automated security systems kicked in, removed the presence and minimised the access the attackers had to our systems and databases,” it said.
“We then rapidly deployed external cybersecurity specialists to support us and proactively took down each of the council’s main systems to carry out full security checks and investigate the incident.”
The council admitted that this did cause some disruption to some services over the last week, and most systems are now safely up and running again, and the remaining systems should be back online this week.
Historic Data
Whilst the council said it is investigating what was accessed and what, if anything, might have been taken out of our systems, it said there is no evidence of a mass download or extraction of data.
It did say that attackers were able to access personal details of staff who worked on Oxford City Council-administered elections between 2001 and 2022 - including poll station workers and ballot counters - were accessed.
“The majority of these people will be current or former Council officers. There is no evidence to suggest that any of the accessed information has been shared with third parties.”
It called the “unlawful breach” of council systems “deeply regrettable for all impacted” and a full investigation into the incident is ongoing.
Sylvain Cortes, VP strategy, Hackuity said: “Local authorities remain high-value targets for cyber-criminals. It’s a sector that’s undergoing rapid digitisation to move services online and faces growing risks from attackers aiming to access sensitive data on citizens and employees.
“The digital age creates new points of vulnerability for councils and this incident comes hot on the heels of a spate of retail-sector attacks. It reinforces that organisations across all sectors must have the fundamental building blocks of security in place.
“Security teams are dealing with big challenges, so ensuring they’re equipped with all they need, from constant network monitoring to rapid detection, can help to identify and isolate threats before attackers slip through. Prevention, not just response, must be the priority.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
