Cyberattacks in 2024: lessons for local councils

In an age of increasingly sophisticated cyber threats, UK councils are facing unprecedented challenges. With outdated IT security defences and limited budgets, most councils remain prime targets for cyber criminals seeking to exploit vulnerabilities for personal gain. Despite calls to modernise these defence systems, many councils remain underprepared, leaving sensitive data and critical services at risk. From ransomware to Distributed Denial of Service (DDoS) attacks, the past year has highlighted the critical need for councils to enhance their cyber resilience.

For the first blog of 2025, we reflect on the most significant cyber incidents of 2024, their implications for council operations, and why enacting proactive measures are essential to safeguard the future of public services.

Major Cyber Incidents of 2024

Leicester City Council

Leicester City Council was subject to a critical ransomware attack at the start of 2024, causing IT systems and phone lines to be temporarily disabled.

The attack, enacted on March 8th, caused significant disruption to crucial services for several weeks, including child protection, adult social care, and homeless services.

One unexpected consequence of the attack was IoT interference, which caused streetlamps in the area to remain on 24/7.

A total of 3TB of sensitive data was claimed to have been stolen by prolific ransomware group Inc Ransom, however, only 1.3TB of this data has been leaked to date. Among these leaked documents were rent statements, personal identification documents, and council house purchase applications of up to 400,000 residents.

The cost of recovery efforts has not been disclosed, though breaches of similar scale – such as the Hackney Council (2020) and Gloucester Council (2021) attacks have amounted over six-figures in recovery costs, underscoring the financial toll of a single cyber-attack on local councils.

Manchester City, Salford City, and Bolton Metropolitan Borough Council

Disruption to local council services can occur due to a third-party service provider within the council supply chain being targeted, adding another potential entry point for cyber criminals to compromise valuable council data.

This occurred in August 2024, whereby the housing service provider Locata was targeted by a cyber-attack, in turn rendering three council’s housing service websites offline – Manchester, Salford, and Bolton.

Although ‘limited’ sensitive data was compromised, thousands of service users were exposed to a phishing email asking them to activate their ‘tenancy options’, prompting them to declare their personal information. The damage from this scam has not been publicly reported.

NoName057(16) Distributed Denial of Service (DDoS) Attacks

By the end of October, numerous UK councils, including Portsmouth, Bradford, Eastleigh, Salford, Middlesbrough, Keighley, Tameside, Medway, Bury, Trafford, Hastings, Plymouth, and BCP (Bournemouth, Christchurch, and Poole) experienced DDoS attacks. These attacks temporarily disabled website services, disrupting operations and limiting access to online resources.

The group behind the co-ordinated attack was NoName057(16), a prolific pro-Russian hacktivist collective that target countries supporting Ukraine in the Russo-Ukranian War.

Although DDoS attacks cause minimal long-term damage to cyber security infrastructure, the National Cyber Security Centre (NCSC) have warned of an increased likelihood of politically motivated attacks in the future, in turn risking future disruption to essential council services.

The Lingering Costs of Cyber-Attacks on Councils

While the immediate damage from many of these incidents was mitigated by the end of 2024, recovery efforts often span over several years, incurring substantial and sustained costs for affected organisations.

Notably, two councils – Hackney and Comhairle nan Eilean Siar – have garnered attention from media outlets as case studies for the significant, protracted financial burden associated with cyber defence restoration post-cyber-attack.

Hackney Council

Hackney council continues to recover from a devastating cyber-attack that occurred over four years ago.

In October 2020, the council was targeted by a ransomware attack that caused significant disruption and financial losses for residents, due to the collapse of property purchases, housing support services, and council tax reduction applications.

Compounding the damage, special category data belonging to 9605 council staff and residents was stolen and leaked onto the dark web three months after the attack.

The ICO has reprimanded the council for the avoidable cyber risk, citing poor cyber hygiene practices, including failing to close dormant accounts with identical username and passwords.

The BBC recently reported that the council has made an overspend of £37m to remediate the damages in 2024 alone, with portions of the budget being allocated to hiring staff to clear backlog and IT consultants to prevent future breaches.

Comhairle nan Eilean Siar

Though less publicised than the attack on Hackney Council, Comhairle nan Eilean Siar faced its own ransomware attack in November 2023, which caused significant disruption to services including council tax billing.

Although no sensitive data was published online by the attack orchestrators, the financial toll has been significant. Inital damage recovery cost estimates of £500,000 made in May 2024 have since doubled to over £1m as of late 2024.

The High Stakes of Cyber Attacks

The consequences of a successful cyber-attack can be disastrous, as councils face huge losses that may eat into other budgets, reprimand from the ICO, and even legal culpability for data breaches.

Unfortunately, cyber criminals know that councils operate under tight budget constrictions, with cyber security often being left to the wayside, which makes you a prime target.

Not having adequate cyber security in place is gambling with the prosperity of your council, especially in a climate in which cyber-attacks are becoming increasingly more sophisticated.

Don’t wait until it is too late – protect your council now

Protecting your council is a personal responsibility, as well as an organisational one. Although such responsibility may sound daunting, The Cyber Centre of Excellence offer a suite of premium cyber security products and services that will provide you and your devices the best possible protection from cyber threats at a high-street price.

The software we deploy, AppGuard, is a military-grade defence that operates on a zero-trust policy – defending your laptop device against even the most sophisticated cyber threats that have never been seen before on the web.

We also offer e-learning courses, staff training, and support sessions to increase your security posture, helping you to remain vigilant against current threats.

Like bricks in a fortress, our suite allows you to layer your defences to ensure your council is ready to keep adversaries at bay. With us, remaining cyber secure is simple.

Take the first step toward a safer future. Contact CCoE today to learn more about our protect suite.

Stay safe – it’s a jungle out there.

Written by Kyle M., member of the Cyber Centre of Excellence.