Cyber Incident Victim: Leicester City Council
Date: Mar 2024
Location: United Kingdom
Summary
Leicester City Council experienced a cyber incident prompting precautionary shutdowns of IT systems and phone lines, disrupting operations while investigations continue with the National Cyber Security Centre and law enforcement. The council anticipates recovery efforts for critical services will begin midweek but warns full restoration may take over a week, urging residents to use emergency contact numbers for urgent needs while online resources remain available. This incident aligns with a pattern of recent cyberattacks targeting local authorities, though specific details of the breach remain undisclosed as the council focuses on minimizing frontline service interruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 7, 2024, Leicester City Council proactively shut down its IT systems and telephone lines following the detection of a cyber incident, mirroring precautionary measures adopted by other UK local authorities in recent months. The council initiated an immediate investigation led by strategic director Richard Sword, who confirmed coordination with the National Cyber Security Centre (NCSC) and law enforcement agencies to determine the incident’s scope and origin. Service disruptions affected routine operations, prompting the council to direct residents to its website for non-emergency information and to use newly established emergency contact numbers for urgent assistance. These emergency numbers varied between weekdays and weekends, requiring residents to verify current contacts via the council’s homepage. The council acknowledged the inconvenience caused but emphasized efforts to minimize frontline service interruptions, particularly for vulnerable populations. No timeline for system restoration or investigation completion was provided in the initial announcement, with updates promised as developments occurred.

By March 11, the council confirmed systems would remain offline until at least midweek, with recovery efforts expected to begin incrementally thereafter, prioritizing reactivation of critical services first. Additional emergency phone lines were introduced to address urgent needs, though the council reiterated these should not be used for general inquiries. Internal teams collaborated with cybersecurity partners and studied mitigation strategies from other councils that had experienced similar incidents, though the specific attack vector or threat actor remained undisclosed. Richard Sword stated the investigation’s duration was unpredictable, reflecting the complexity of forensic analysis and coordination with national agencies. The council identified itself as one of multiple local authorities targeted in recent months but avoided disclosing operational specifics, data compromise details, or recovery technicalities. Residents continued relying on web-based resources for routine services, while the council focused on maintaining essential functions through alternative channels during the extended outage.
