Oxford City Council was subject to a cyber security incident over the weekend of 7/8 June.
An unauthorised presence was detected within our network. Our automated security systems kicked in, removed the presence and minimised the access the attackers had to our systems and databases.
We then rapidly deployed external cyber security specialists to support us and proactively took down each of the Council’s main systems to carry out full security checks and investigate the incident.
These precautionary measures resulted in disruption to some of our services over the last week, our staff have been working hard to minimise impact on our residents but we would like to sincerely apologise for any inconvenience this has caused to people wanting to access our services.
We’re pleased to say that most of our systems are now safely up and running again, and the remaining systems should be back online this week. Thank you for your patience and understanding while we’ve worked through this.
As a result of these precautionary checks, we can confirm that the Council’s email systems and wider digital services remain secure and safe to use.
Unfortunately, the attackers were able to access some historic data on legacy systems. We have now identified that people who worked on Oxford City Council-administered elections between 2001 and 2022, including poll station workers and ballot counters, may have had some personal details accessed. The majority of these people will be current or former Council officers. There is no evidence to suggest that any of the accessed information has been shared with third parties.
Investigations continue to identify as precisely as we can what was accessed and what, if anything, might have been taken out of our systems. There is no evidence of a mass download or extraction of data.
We understand that people will be concerned and today we have individually contacted people potentially affected to explain what happened, what support is available, and the steps we’re taking to ensure something like this doesn’t happen again.
We know how important it is to protect the information we hold. We take that responsibility extremely seriously, and this unlawful breach of Council systems is deeply regrettable for all impacted. We have already taken action to prevent any further unauthorised access to our systems, and we have reported the incident to the relevant government authorities and law enforcement agencies. A full investigation into the incident is ongoing.
Rate this page
