Redcar and Cleveland Council

Redcar and Cleveland Councilis a local authority in the United Kingdom responsible for delivering a range of public services to residents and businesses in the Redcar and Cleveland area. Its core functions include collecting council tax, managing problem reporting systems, and providing access to planning applications and related services. As a unitary authority, it combines the responsibilities of both district and county councils, overseeing services such as waste management, environmental health, and local infrastructure. The organisation operates from its headquarters located within the United Kingdom, serving the community through digital and traditional channels.

On 7 February 2020, the council’s IT servers were targeted by a cyber‑attack that caused prolonged downtime of its public website and disrupted several online services. Residents were unable to make council tax payments, submit problem reports, or view planning applications through the affected platforms. The incident was characterised by the council as a “serious disaster,” prompting an immediate review of its disaster recovery arrangements. Although the council stated that there was no evidence of personal data loss, the attack necessitated coordinated efforts from internal IT teams and external cyber‑security specialists.

In the aftermath, priority was given to restoring urgent communications while phone and email capacity remained limited due to the ongoing disruption. The council worked alongside relevant authorities to investigate the source and nature of the attack, seeking to understand any vulnerabilities that had been exploited. Service restoration proceeded in phases, with critical functions brought back online as soon as feasible to minimise inconvenience to the public. Throughout the episode, the council maintained transparency about the status of systems and the steps being taken to secure them. The event highlighted the importance of robust IT resilience for local government bodies that increasingly rely on digital delivery of statutory services. It underscored the need for continual assessment of disaster recovery plans and the value of having external expertise available during crises. While the council did not disclose specific metrics such as the number of users affected or financial costs, the incident remains a notable example of cyber‑risk faced by public sector organisations in the United Kingdom. The experience has contributed to ongoing discussions about strengthening cyber‑defences across the sector.