Oxford City Council has confirmed it was the target of a cyberattack that led to the unauthorised access of personal information belonging to individuals involved in council-run elections over the past two decades.
The breach was quickly detected by the council’s automated security systems. It triggered an immediate response that limited the threat attackers’ access. “Unfortunately, the attackers were able to access some historic data on legacy systems,” the Council said in a statement.
“We have now identified that people who worked on Oxford City Council-administered elections between 2001 and 2022, including poll station workers and ballot counters, may have had some personal details accessed. The majority of these people will be current or former Council officers.”
However, the Council stressed that there is no evidence to suggest that any of the accessed information has been shared with third parties.
“We understand that people will be concerned,” a spokesperson said. “Today we have individually contacted those potentially affected to explain what happened, what support is available, and the steps we’re taking to ensure something like this doesn’t happen again.”
The council said its digital defences identified the unauthorised presence early and automatically removed it. In response, it brought in external cybersecurity experts and took down core systems as a precaution while conducting a full investigation.
This resulted in some disruption to council services over the past week. Staff have been working to minimise the impact, and most systems are now back online. Full restoration is expected by the end of the week.
“We’d like to sincerely apologise for any inconvenience caused to people trying to access our services,” the council said. “We’re pleased to say that most of our systems are now safely up and running again, and the remaining systems should be back online this week.”
Despite the data breach, the council maintains that its current email and digital systems remain secure. It also says the event has been reported to the relevant government authorities and law enforcement, and a full investigation is underway.
“This unlawful breach is deeply regrettable. We take our responsibility to protect residents’ information extremely seriously and have already taken action to prevent any further unauthorised access,” the council said.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.