Cyber Incident Victim: Oxford City Council
Date:
Jun 2025
Location:
United Kingdom
Summary
Oxford City Council detected suspicious activity on its network during a recent weekend and took immediate action to isolate and remove the threat, shutting down core systems for security checks that caused temporary service disruptions. The intrusion allowed threat actors to access historic data on legacy systems, resulting in the compromise of personal details of individuals who had performed election‑related work over a two‑decade period, including current and former employees such as poll station workers and ballot counters. The council has notified affected individuals, stated there is no evidence the data was leaked or exfiltrated, and continues to investigate while working with authorities to strengthen defenses and restore normal operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Oxford City Council detected suspicious activity within its network over the weekend of June 7 and 8, 2025, prompting its automated security systems to intervene and limit the attackers’ access to systems and databases. The council subsequently took down core systems to conduct thorough security checks, which caused service disruptions that persisted for several days. Most of the affected systems have since been restored, with the remainder expected to return online later in the week. The incident was identified as a cyberattack that allowed threat actors to access historic data stored on legacy systems.
The council determined that the compromised data included personal information of individuals who had worked on Oxford City Council‑administered elections between 2001 and 2022, such as poll station workers and ballot counters. Current and former council officers who may have been affected have been contacted individually to inform them of the potential exposure. The council stated that there is no evidence the compromised information was leaked or that a mass download or extraction of data occurred. Ongoing investigations aim to pinpoint precisely what was accessed and whether any data was exfiltrated.
In response to the breach, Oxford City Council has implemented additional measures to prevent further unauthorized access to its network. It has notified relevant government authorities and law enforcement agencies about the incident. The council continues to monitor its systems and maintain communication with impacted individuals as the investigation progresses. These actions constitute the council’s documented response to the cyberattack.