Cyber Incident Victim: Locata

A cyber attack targeting software company Locata disrupted housing services across multiple Greater Manchester councils in late July and early August 2024. The incident began with an initial breach affecting one unspecified borough council last week before spreading over the weekend to compromise systems supporting Manchester, Salford, and Bolton councils. This resulted in the takedown of public-facing housing websites including Manchester Move, the platform used for social housing allocations. Attackers exploited the breach to conduct a phishing campaign, sending fraudulent emails to thousands of residents posing as housing authorities. These messages instructed recipients to "activate your tenancy options" while attempting to harvest personal data through malicious links. Locata confirmed the attack impacted their systems serving multiple local authorities but did not disclose the intrusion method or whether ransomware was involved.

Locata initiated containment measures by engaging third-party IT forensic experts and notifying affected councils, though investigations remained ongoing at the time of reporting. Manchester City Council confirmed limited personal data exposure restricted to their Manchester Move platform, while Salford authorities reported Locata could not yet determine the full scope of compromised information. All impacted councils issued public alerts warning residents about the phishing attempts. Bolton and Salford specifically advised recipients who clicked links or shared information to immediately follow UK National Cyber Security Centre protocols, monitor bank accounts for suspicious activity, report financial losses to Action Fraud, and change reused passwords. Service disruptions persisted across housing allocation platforms during the initial response phase, with Locata publicly apologizing for operational impacts while continuing system restoration efforts alongside cybersecurity investigators.