News

Hundreds of council data breaches reported

According to a new report, there were more than 700 council data breaches reported to the Information Commissioner’s Office (ICO) in 2020. These breaches impacted all 398 UK councils. In addition, the number of data breach incidents rose by 15% between the last quarter of 2020 and the first quarter of 2021. The information was uncovered via freedom of information (FOI) responses.

According to the report:

  • 10 councils had their operations disrupted due to a breach or ransomware attack
  • 1 council reported 29 data breaches in 2020
  • A high-profile attack against Hackney Council forced critical services to be shut down for several weeks
  • Redcar & Cleveland Borough Council suffered a cyberattack, leading to over 135,000 residents being unable to access important services.
  • Council employees lack security training and qualifications
  • 45% of councils employ no professionals with recognised security qualifications
  • Approximately four in ten councils spent no money on security training in 2020.

The report also warns that, with “more council employees working remotely, and city and town centres becoming increasingly connected, the cyber security challenges facing councils are only set to grow in the future”.

Our opinion

Commenting on the findings, Kingsley Hayes, head of data breach, said:

“Local authorities handle some of our most sensitive personal data, so a data breach can be disastrous. Unfortunately, in our experience, reliance on unsecured legacy software and a lack of preparation for dealing with cyber-attacks has made the sector vulnerable. As a result, almost 100 million cyber-attacks hit Britain’s local authorities in just five years.

“Of course, given the nature of the data required for the delivery of public services, local authorities are lucrative to hackers. But, as the report shows, UK councils are also struggling to train staff and put robust data management practices in place. This is making things worse for the public and easier for cybercriminals.

“What’s more, despite the threat of attacks, in our experience, human error remains the leading cause of breaches, and this is only going to get worse if these organisations don’t take their data protection responsibilities seriously.”

Keller Postman

Share
Published by
Keller Postman
3 years ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

5 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

5 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

5 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

5 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

5 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

5 months ago