Oxford City Council Data Breach Exposes Two Decades of Staff Records

Legacy Systems Compromised in Targeted Attack

Oxford City Council has confirmed a cyberattack that compromised legacy systems holding staff data from 2001 to 2022. The breach has disrupted core ICT services, though most have now been restored. Delays may still occur as the Council works through system backlogs.

The unauthorized access allowed attackers to obtain personally identifiable information about former and current staff. This includes individuals who worked during city-administered elections over a 21-year period. Affected roles include poll workers and ballot counters.

According to the Council’s public statement, there is no evidence that the compromised data has been leaked or shared further. Citizen data appears unaffected, although a full investigation is still underway.

Response and Ongoing Investigation

Oxford City Council has started direct outreach to impacted individuals. Those affected will receive information about the breach, available support, and new security measures being implemented.

The Council also confirmed that law enforcement and relevant government bodies have been notified. As of now, there are no signs of mass data exfiltration. The incident highlights the long-term risks of maintaining unprotected legacy systems in public-sector networks.