Cyber Incident Victim: Bolton Council

A cyber attack targeting Locata, a provider of housing software used by multiple councils in Greater Manchester, compromised systems starting in late July 2024. The initial breach affected one unnamed borough council last week before spreading over the weekend to impact Manchester, Salford, and Bolton councils. Attackers disrupted public-facing housing websites—specifically Manchester Move and Salford Home Search—rendering them inoperable. This disruption enabled threat actors to access Locata's systems and harvest contact data, facilitating a phishing campaign targeting thousands of residents. Phishing emails impersonating housing authorities instructed recipients to "activate your tenancy options," attempting to harvest additional personal information through fraudulent links. Locata confirmed the attack disrupted services across multiple municipalities but could not immediately determine the full scope of compromised data.

Manchester City Council stated the breach involved "limited personal data" from its Manchester Move platform, while Salford and Bolton councils issued urgent warnings to residents. Bolton Council directed recipients who clicked phishing links or shared information to follow UK National Cyber Security Centre protocols immediately. Salford Council advised monitoring bank accounts for suspicious activity, contacting financial institutions if compromised, reporting monetary losses to Action Fraud, changing reused passwords, and considering credit monitoring. Locata engaged third-party IT experts to investigate the incident, initiated containment measures, and apologized for the disruption but provided no timeline for full restoration. The attack's primary confirmed impacts included operational downtime for housing services, exposure of resident contact data, and elevated fraud risks requiring coordinated response efforts across three councils and their software provider.