Cyber Incident Victim: Milton Keynes Council

On or around July 22, 2019, Milton Keynes Council in Buckinghamshire, England, experienced a cyberattack targeting its planning portal. Council officials detected the breach and took immediate action by taking the affected systems offline to contain the incident and conduct an investigation. A council spokesperson confirmed awareness of the attack and emphasized their rapid response, which included implementing additional security measures. While the council asserted no data was compromised, the disruption necessitated alternative methods for public engagement with planning services. Residents were instructed to submit planning applications or comments via email to [email protected] instead of the offline portal. A telephone contact (01908 252358) was also provided for application-related queries. The council’s public access system displayed a maintenance notification on July 22, masking the ongoing security incident from general users.

The attack’s timeline indicates initial detection occurred shortly before July 18, as the Development Control Panel discussed the breach during a meeting that day. Panel chairman Cllr John Bint explicitly referenced a cyberattack within the preceding 24 hours of the July 18 session. This suggests the intrusion attempt or its effects were identified no later than July 17. Service disruptions persisted through at least July 22, when the maintenance notice remained active. The council’s primary operational impact was the prolonged unavailability of its digital planning portal, forcing reliance on manual processes for application handling. No technical specifics regarding the attack vector, perpetrator identity, or data access attempts were disclosed publicly. Restoration timelines and forensic findings were not detailed in available reporting.