Exposure of Personal Data Pertaining to Oxford City Council Officials

Oxford City Council has disclosed a cybersecurity incident that resulted in the exposure of personal data of current and former Council officers spanning a 21-year period.

The local authority indicated that attackers gained access to its network over the weekend of June 7 and 8, 2025. The automated security systems deployed by the Council managed to restrict the attackers’ presence and the extent of their access to the systems and databases.

Regrettably, the attackers succeeded in accessing historical data stored on legacy systems. The Council reported, “We have now identified that individuals who were involved in elections administered by Oxford City Council from 2001 to 2022, including polling station workers and ballot counters, may have had some personal details accessed. The majority of these individuals are expected to be current or former Council officers.”

Currently, there is no evidence to suggest that any of the accessed information has been shared with third parties, nor is there any indication of a mass download or data extraction.

“We recognize that people will be concerned and today we have individually contacted those potentially affected to explain what transpired, the support available, and the measures we are implementing to prevent such incidents in the future,” the Council stated.

Details regarding the specific type of personal information accessed have not been disclosed.

The Council has reported the incident to the appropriate government authorities and law enforcement. An extensive investigation is underway to determine the precise data accessed and whether any part was exfiltrated.

Disruption to Council Services

In response to the cybersecurity incident, Oxford City Council engaged external cybersecurity experts to conduct a thorough examination and secure its primary systems. This intervention led to significant disruption of local authority services for over a week.

“Our staff have been diligently working to minimize the impact on our residents, and we sincerely apologize for any inconvenience this has caused to those seeking to access our services,” the Council stated.

Most affected systems have since been restored to functionality, and the Council’s email systems along with a broad spectrum of digital services are confirmed to be safe for use.