Cyber Incident Victim: Sunderland City Council
Date: Nov 2018
Location: United Kingdom
Summary
Sunderland City Council experienced a significant cyber incident involving a surge of 400,000 spam emails alongside phishing, spoofing, and at least one distributed denial-of-service (DDoS) attack during a week-long period. The attackers also executed a password spray attack, locking accounts by repeatedly attempting common credentials. An internal review revealed prior deficiencies in the council's technology standards and compliance, rated as inadequate in a recent audit. In response, the organization outlined plans to enhance security measures, including migrating systems to Windows 10 and enforcing default password changes, while acknowledging that absolute protection could not be guaranteed.
Description
In November 2018, Sunderland City Council experienced a concentrated wave of cyberattacks over a one-week period. The attacks included a barrage of approximately 400,000 spam emails containing phishing and spoofing attempts designed to compromise systems or steal credentials. Simultaneously, the council suffered at least one Distributed Denial of Service (DDoS) attack aimed at disrupting network availability. Attackers additionally executed a "spray attack" by systematically attempting common passwords across multiple accounts, triggering account lockouts that prevented legitimate users from accessing systems. These coordinated efforts overwhelmed the council's IT infrastructure and operational capabilities during the attack window. The incident was later formally documented in a scrutiny co-ordinating committee report obtained by the Local Democracy Reporting Service.
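An added detection example, not code from the page or from the council: the Python below flags the spray pattern described above (one source failing against many accounts, only a few attempts each) in constructed authentication-log lines, and separately lists accounts whose failure count has already reached a lockout threshold, which is how a spray turns into the lockout-driven outage the report describes. The log format, addresses, window and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication-failure log lines (not from any real system):
# "<ISO timestamp> FAIL user=<account> src=<source address>"
SAMPLE_LOG = """\
2018-11-05T09:00:01 FAIL user=alice src=203.0.113.7
2018-11-05T09:00:03 FAIL user=bob src=203.0.113.7
2018-11-05T09:00:05 FAIL user=carol src=203.0.113.7
2018-11-05T09:00:07 FAIL user=dave src=203.0.113.7
2018-11-05T09:00:09 FAIL user=erin src=203.0.113.7
2018-11-05T09:00:11 FAIL user=frank src=203.0.113.7
2018-11-05T09:01:00 FAIL user=alice src=198.51.100.4
2018-11-05T09:01:30 FAIL user=alice src=198.51.100.4
2018-11-05T09:02:00 FAIL user=alice src=198.51.100.4
"""

def parse_line(line):
    ts, _, user, src = line.split()
    return datetime.fromisoformat(ts), user.split("=", 1)[1], src.split("=", 1)[1]

def detect_spray(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source: sorted accounts} for sources that failed against at least
    min_users distinct accounts inside `window`, with no account tried more than
    max_per_user times. Many accounts, few tries each, is the spray signature;
    one account hammered from one source is ordinary brute force and is not
    reported here (assumed thresholds; tune to the environment)."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    hits = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):   # slide the window over each start
            per_user = defaultdict(int)
            for ts, user in evs[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                hits[src] = sorted(per_user)
                break
    return hits

def accounts_at_lockout(log_text, lockout_threshold=3):
    """Accounts whose failures across all sources reached the (assumed) lockout
    threshold: these are the legitimate users a spray has already locked out."""
    failures = defaultdict(int)
    for _, user, _ in (parse_line(l) for l in log_text.splitlines() if l.strip()):
        failures[user] += 1
    return sorted(u for u, n in failures.items() if n >= lockout_threshold)
```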

The council's cybersecurity posture had been assessed before the attacks through a Local Government Association "cyber-stocktake" questionnaire, which revealed weaknesses. While the council received green (satisfactory) and amber (moderate risk) ratings in some categories, it was rated red (high risk) in technology standards and in compliance/detection capabilities. In response to the November attacks, officials announced plans to strengthen IT security through system upgrades, including migrating PCs to Windows 10 and enforcing password policy changes to eliminate default credentials. The council publicly acknowledged that, despite implementing these measures, no solution could ensure absolute protection against future attacks. The incident highlighted the operational disruption caused by account lockouts and service interruptions while exposing systemic gaps in the organization's defensive capabilities.
