Leicester: Personal data shared online after cyber-attack - council

Leicester City Hall
The council has urged its staff and the public to "be on their guard" [BBC]

Confidential documents featuring people's personal data have been shared online following a cyber-attack at Leicester City Council.

A criminal investigation was launched after the authority was forced to disable its phone and computer systems on 7 March.

On Wednesday, the council confirmed a ransomware group had shared about 25 documents online featuring people's confidential information.

It said it was a "very serious matter".

The documents include people's rent statements, applications to purchase council housing and identification documents such as passport information, the council said.

Richard Sword, strategic director of city developments and neighbourhoods at the council, said people involved in the data leak are being contacted.


According to BBC Cyber Correspondent Joe Tidy, it is understood that a ransomware group called INC Ransom has claimed responsibility for the attack.

Mr Sword said in a statement: "We have today been made aware that a small number of documents held on our servers have been published by a known ransomware group.

"This relates to the cyber incident identified by the council on 7 March, which led to us closing down our IT systems.

"The breach of confidential information is a very serious matter, and its publication is a criminal act. We realise this will cause anxiety for those affected, and want to apologise for any distress caused."

The authority said it was not aware whether other documents had been extracted from its systems but admitted "it was very possible they had".

An image of a sign in Leicester informing residents of a cyber attack
Services including housing benefits and other financial support payments were impacted [BBC]

The council, which became aware of the documents being published on Wednesday evening, said it has also notified the Information Commissioner's Office.

Mr Sword added: "At this stage, we are not able to say with certainty whether other documents have been extracted from our systems; however, we believe it is very possible that they have.

"We are continuing to work with the cyber crime team at Leicestershire Police and the National Cyber Security Centre as part of this ongoing criminal investigation.

"As this is a live investigation, we are not able to comment in further detail but will continue to give updates when we have news to share."

It comes after INC Ransom targeted NHS Dumfries and Galloway with similar demands towards the end of March.

Leicestershire Police said it was aware of the cyber incident and was continuing to support the East Midlands Special Operations' Regional Cyber Crime Unit, which is leading on the ongoing investigation.

Most of the council's systems and phone lines have returned to normal, and the authority said, "there was no reason for concern about conducting business as usual with the council".

Follow BBC East Midlands on Facebook, on X, or on Instagram. Send your story ideas to or via WhatsApp on 0808 100 2210.