News

Hundreds of council data breaches reported

According to a new report, there were more than 700 council data breaches reported to the Information Commissioner’s Office (ICO) in 2020. These breaches impacted all 398 UK councils. In addition, the number of data breach incidents rose by 15% between the last quarter of 2020 and the first quarter of 2021. The information was uncovered via freedom of information (FOI) responses.

According to the report:

  • 10 councils had their operations disrupted due to a breach or ransomware attack
  • 1 council reported 29 data breaches in 2020
  • A high-profile attack against Hackney Council forced critical services to be shut down for several weeks
  • Redcar & Cleveland Borough Council suffered a cyberattack, leading to over 135,000 residents being unable to access important services.
  • Council employees lack security training and qualifications
  • 45% of councils employ no professionals with recognised security qualifications
  • Approximately four in ten councils spent no money on security training in 2020.

The report also warns that, with “more council employees working remotely, and city and town centres becoming increasingly connected, the cyber security challenges facing councils are only set to grow in the future”.

Our opinion

Commenting on the findings, Kingsley Hayes, head of data breach, said:

“Local authorities handle some of our most sensitive personal data, so a data breach can be disastrous. Unfortunately, in our experience, reliance on unsecured legacy software and a lack of preparation for dealing with cyber-attacks has made the sector vulnerable. As a result, almost 100 million cyber-attacks hit Britain’s local authorities in just five years.

“Of course, given the nature of the data required for the delivery of public services, local authorities are lucrative to hackers. But, as the report shows, UK councils are also struggling to train staff and put robust data management practices in place. This is making things worse for the public and easier for cybercriminals.

“What’s more, despite the threat of attacks, in our experience, human error remains the leading cause of breaches, and this is only going to get worse if these organisations don’t take their data protection responsibilities seriously.”

Keller Postman

Share
Published by
Keller Postman
3 years ago

Recent Posts

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

3 days ago

FAQs about the Capita data breach

Here are some of the questions our data protection experts have been asked about our… Read More

3 days ago

Join our 2plan Group Action

We have launched a group action against 2plan. Group actions can be a powerful tool… Read More

3 days ago

Do you have a 2plan data breach compensation claim?

What happened in the 2plan data breach? Find out in our latest blog and claim… Read More

3 days ago

Join our Southern Water Group Action

We have launched a group action against Southern Water. Group actions can be a powerful… Read More

3 days ago

FAQs about the Southern Water data breach 

Here are some of the questions we have been asked about our Southern Water data… Read More

3 days ago