Oxford City Council Hit by Cyberattack. Legacy Data of Election Workers Potentially Compromised

Oxford City Council has said it fell victim to a security breach over the weekend of 7–8 June, which may have compromised election workers’ personal data.

According to the council’s statement, automated systems detected an intruder within its digital infrastructure, triggering a rapid containment that isolated and removed the threat.

As a precaution, external cybersecurity specialists were brought in and all principal systems were temporarily taken offline for comprehensive forensic reviews.

The outage led to service interruptions throughout the week, though most systems have now been restored, with a few expected to return online soon.

Scope of the breach and data at risk

“An unauthorised presence was detected within our network,” reads the cybersecurity notice posted on oxford.gov.uk. “Our automated security systems kicked in, removed the presence and minimised the access the attackers had to our systems and databases.”

“These precautionary measures resulted in disruption to some of our services over the last week, our staff have been working hard to minimise impact on our residents but we would like to sincerely apologise for any inconvenience this has caused to people wanting to access our services,” the notice informs.

While critical functions like email remained unaffected, residents experienced delays in service delivery, including online payments and permit processing, due to the precautionary system shutdown.

Investigators confirmed the breach was confined to legacy systems containing historical records.

Notably, those affected include individuals who supported council-administered elections between 2001 and 2022, such as poll station workers and ballot counters—primarily current or former council employees.

Although personal details were likely accessed, there is currently no evidence that data was leaked externally or downloaded en masse.

The council has reached out to those potentially affected with detailed explanations of the incident, support information, and assurances regarding the strengthened cybersecurity measures enacted in its wake.

Response and remediation

In response to the breach, Oxford City Council has implemented multiple layers of protection, including:

·      Isolation and removal of the threat by automated systems

·      External investigation by specialist cybersecurity professionals

·      Temporary shutdown of major systems to undertake forensic and security audits

·      Strengthened network defenses and tighter access regulation

·      Notification to affected individuals and the authorities, including the National Cyber Security Centre and law enforcement

·      Roll-out of new digital security protocols, including advanced threat detection and segmentation, and a planned decommissioning of vulnerable legacy systems

Oxford City Council stressed that email systems and public-facing digital services are now secure. A full forensic investigation continues to determine what data was accessed and whether any was stolen. The council reaffirmed its dedication to safeguarding personal data and rebuilding public trust.

What residents should do

If you were an election worker between 2001 and 2022, monitor communications from the council. Follow updates via official council announcements to stay informed about system restorations and further recommendations.

Watch out for suspicious emails or calls. Standard cybersecurity advice is to verify sender identities and refrain from clicking unexpected links.

Anyone affected by a data breach should consider a data monitoring service. Bitdefender Digital Identity Protection lets you know if your data has been compromised or leaked online, what risks you face, and how to protect yourself.

Since data breaches have become a daily occurrence, as a rule of thumb, always be wary of unsolicited communications citing your personal information.

When in doubt about a suspicious text, phone call, or social media interaction, consult Scamio, our free scam-fighting bot.

Consider using a security solution on all your devices for peace of mind.

You may also want to read:

UK Fines 23andMe $3 Million Over 2023 Mega Breach

UK Armors Up Against 'Quantum Cybercrime'

Apple Removes ADP Security for Users in the UK