Cyber Incident Victim: Salford City Council

A cyber attack targeting Locata, a housing software provider used by multiple councils in Greater Manchester, compromised systems starting with Salford City Council last week before spreading to Manchester and Bolton councils over the weekend. The incident disrupted public-facing housing websites, including Manchester Move and Salford Home Search, rendering them inoperable. Attackers exploited this breach to send phishing emails to thousands of residents, masquerading as tenancy activation requests that solicited personal data. Locata confirmed the attack impacted its systems but did not disclose technical details about the intrusion method or attacker identity. Salford Council, the initial target, stated Locata could not confirm the scope of personal data exposed during the breach. Manchester City Council reported only "limited personal data" was compromised, while Bolton Council acknowledged the phishing campaign but provided no specifics on data loss.

Locata initiated containment by engaging third-party IT experts to investigate and manage the incident, notifying affected councils and issuing a public apology. Salford Council advised residents who clicked phishing links to monitor bank accounts for suspicious activity, contact their banks immediately if funds were lost, report fraud to Action Fraud, change reused passwords, and consider credit monitoring. Bolton Council directed impacted individuals to follow UK National Cyber Security Centre guidance for phishing incidents. No council confirmed whether attacker access was fully eradicated or whether data exfiltration occurred beyond the phishing scheme. The incident left housing service portals offline for multiple days, forcing councils to rely on alternative communication channels for resident support. Locata’s ongoing investigation had not released additional findings as of the article’s publication date.