Oxford

Oxford City Council warns it suffered a data breach where attackers accessed personally identifiable information from legacy systems.

The incident has also caused an ICT service disruption, as announced on the website, and although most of the impacted systems have been brought back online, the remaining backlogs may continue to cause delays.

Oxford City Council is the local government authority responsible for managing critical public services, such as housing, planning, waste collection, environmental health, and elections, in Oxford, England.

Wiz

The authority serves a population of around 155,000 residents, but its influence extends further due to the city's international prominence through the University of Oxford, tourism, and research institutions.

A statement on its website explains that attackers gained unauthorized access to some of its systems and databases, which host personal information.

Based on the preliminary investigation, the impacted system contained information on former and current Council officers between 2001 and 2022.

"Unfortunately, the attackers were able to access some historic data on legacy systems," reads the statement published on the Oxford City Council website.

"We have now identified that people who worked on Oxford City Council-administered elections between 2001 and 2022, including poll station workers and ballot counters, may have had some personal details accessed."

The statement claims there's no evidence that the exposed data has been further disseminated. Also, there's no mention of citizen data having been compromised.

BleepingComputer has contacted Oxford City Council to specify if citizen data was stored in the accessed databases, and we will update this post with their response.

The organization says the investigation into the incident is still ongoing, and no signs of mass data extraction have been unearthed as of yet.

Oxford City Council says it has begun individually notifying those confirmed to be affected, providing details about the incident, available support resources, and assurances of strengthened security measures to prevent future breaches.

Also, the relevant government authorities and law enforcement agencies have been notified accordingly.

tines

Automated Pentesting Covers Only 1 of 6 Surfaces.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Related Articles:

European Commission confirms data breach after Europa.eu hack

Ericsson US discloses data breach after service provider hack

UH Cancer Center data breach affects nearly 1.2 million people

Hims & Hers warns of data breach after Zendesk support ticket breach

Die Linke German political party confirms data stolen by Qilin ransomware