Cyber Incident Victim: Manchester City Council
Date:
Aug 2024
Location:
United Kingdom
Summary
A cyber attack targeting housing software provider Locata compromised systems used by multiple councils in Greater Manchester, leading to widespread service disruptions and phishing scams targeting residents. The incident exposed limited personal data and prompted fraudulent emails urging recipients to activate tenancy options, with affected local authorities advising vigilance regarding suspicious financial activity and password security. The software company acknowledged the breach and initiated an investigation with third-party experts while apologizing for the impact on council operations and resident data security.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber attack targeting Locata, a housing software provider used by multiple councils across Greater Manchester, compromised public-facing housing websites beginning in late July 2024. The incident initially impacted one unspecified borough council last week before spreading over the weekend to affect Manchester, Salford, and Bolton councils' systems. Attackers exploited vulnerabilities in Locata's platform to disrupt Manchester Move (Manchester City Council's housing service), Salford Home Search, and Bolton's equivalent systems. This disruption enabled threat actors to access limited personal data and distribute phishing emails to thousands of residents, masquerading as housing service updates. The fraudulent messages urged recipients to "activate your tenancy options" by submitting personal information through compromised channels. Manchester City Council confirmed only public-facing website components were breached, minimizing direct data exposure. However, the phishing campaign created widespread risk of secondary fraud, as attackers leveraged stolen contact details to target vulnerable residents with credential harvesting attempts.
Locata initiated containment measures by engaging third-party IT forensic experts and notifying affected local authorities within days of detection. The company issued a public apology acknowledging service disruptions but did not disclose technical details about the attack vector or data compromise scope. Manchester City Council directed impacted residents to UK National Cyber Security Centre guidance for phishing remediation, while Bolton Council emphasized immediate bank monitoring and fraud reporting to Action Fraud for those who interacted with malicious links. Salford Council, having been among the first targets, warned residents to change reused passwords and enroll in credit monitoring due to Locata's inability to confirm the extent of personal data exfiltration. All three councils maintained continuous public advisories through their communication channels, focusing on damage mitigation for residents rather than disclosing operational specifics about the ongoing investigation. The incident highlighted systemic risks in third-party software dependencies for critical municipal services.