Cyber Incident Victim: Middlesbrough City Council

Middlesbrough City Council experienced a cyber incident affecting its website beginning on or around October 29, 2024, with the attack becoming publicly acknowledged on October 30. The council's IT department identified anomalous activity prompting an immediate decision to take the website offline on Wednesday, October 30, as a containment measure. Interim Chief Executive Clive Heaphy publicly confirmed the incident as an "online attack" and issued an apology for service disruptions caused by the temporary shutdown. The council maintained operational continuity for critical services despite the website outage, emphasizing that core data systems remained segregated from the compromised web infrastructure. No evidence suggested unauthorized access to resident data or internal council systems during the attack. Initial statements characterized the disruption as limited to public-facing website functionality, with no ransomware deployment or data exfiltration detected.

Service restoration occurred on Friday, November 1, following what the council described as "rigorous testing" to ensure system integrity. Heaphy reiterated the effectiveness of existing cybersecurity measures, stating the organization was "prepared for exactly this sort of attack" and confirming no data breaches occurred. The incident coincided with similar disruptions at Salford, Bury, and Trafford councils, though no confirmed technical linkage between these events was disclosed. All affected councils restored services within comparable timeframes, with Middlesbrough emphasizing its priority on maintaining public trust through transparent communication. The council's response focused on validating system security before reactivation rather than disclosing specific technical details about the attack vector or mitigation steps taken.