Leicester City Council has confirmed a data breach by the ransomware group INC Ransom [3], resulting in the theft of approximately 3TB of sensitive data.


This breach, the second attack by INC on a British public sector organization within weeks [6], led to the exposure of personal information such as passports, bank statements [1] [2] [4] [5] [6] [7] [8] [9] [10], rent statements [1] [2] [4] [5] [6] [7] [8] [9] [10], housing purchase applications [8] [10], and identification documents [7] [8] [10]. Around 25 confidential documents containing individuals’ personal information were leaked online. The council is collaborating with law enforcement and cyber security agencies in an ongoing criminal investigation to determine the extent of the breach and notify affected individuals. Efforts are underway by Leicestershire Police and the National Cyber Security Centre to address the situation [7], with the Information Commissioner’s Office being informed [8] [10]. While public services were disrupted, most systems have now been restored to normal. INC Ransom [1] [3] [5] [6] [7] [8] [9] [10] [11], known for employing double-extortion tactics and pressuring victims to pay a ransom by publicly identifying targets and then deleting the post, has a history of targeting various sectors, particularly healthcare. This incident underscores the growing threat of ransomware attacks on public sector entities, with 36 such attacks reported in 2024. Governments are advised to enhance their cyber resilience through risk assessments [3], patching [3], and robust security policies. Cyber security experts recommend that organizations strengthen their defenses against ransomware attacks and provide training for employees to identify malicious activity [5]. The announcement of the data theft was quickly taken down after being posted on the leak site. This incident occurred shortly after the council experienced a widespread disruption on March 7 [11], which affected various online services [11]. The council has been working to restore all impacted systems and services [11], including phone lines [11]. INC Ransom had previously targeted Scotland’s National Health Service Dumfries and Galloway regional health board [11], resulting in the theft of sensitive patient data [11].


The breach by INC Ransom on Leicester City Council highlights the urgent need for public sector entities to strengthen their cyber security defenses against ransomware attacks. The incident serves as a reminder of the importance of proactive risk assessments, patching [3], and robust security policies to mitigate the impact of such cyber threats in the future.


[1] https://www.bbc.co.uk/news/uk-england-leicestershire-68727648.amp
[2] https://www.ukauthority.com/articles/leicester-city-council-acknowledges-cyber-theft-of-data/
[3] https://www.infosecurity-magazine.com/news/leicester-council-documents-leaked/
[4] https://www.intelligentciso.com/2024/04/04/experts-react-to-leicester-city-council-cyberattack/
[5] https://www.independent.co.uk/tech/leicester-city-council-ransomware-employees-uk-government-national-cyber-security-centre-b2523313.html
[6] https://www.itpro.com/security/inc-ransom-group-claims-latest-uk-victim-with-leicester-city-council-but-who-are-the-new-kids-on-the-digital-extortion-block
[7] https://www.bbc.co.uk/programmes/p0hnqq0c
[8] https://news.cloudsek.com/2024/04/leicester-city-council-hit-by-ransomware-attack-personal-data-leaked-online/
[9] https://www.newschainonline.com/news/city-council-says-confidential-documents-shared-online-after-cyber-attack-393691
[10] https://news.yahoo.com/tech/leicester-personal-data-shared-online-194147949.html
[11] https://www.scmagazine.com/brief/attack-against-uk-city-council-admitted-by-inc-ransom