Retaining decades' worth of unencrypted personal information on internet-connected systems is a data breach disaster waiting to happen, as this report from DefendOps Diaries illustrates:
The recent cyberattack on Oxford City Council has underscored the vulnerabilities inherent in managing vast amounts of historical data. Over the weekend of June 7 and 8, 2025, unauthorized access to the council’s network resulted in the compromise of personal information spanning 21 years. This breach, detected by the council’s automated security systems, highlights the ongoing challenges faced by public institutions in safeguarding sensitive information. The attackers targeted legacy systems, accessing data related to individuals involved in election processes, including poll station workers and ballot counters (BBC). The incident not only exposed personal data but also disrupted the council’s ICT services, affecting the delivery of critical public services (Bleeping Computer).
… The compromised data primarily consisted of personal information related to individuals who worked on elections administered by Oxford City Council between 2001 and 2022. This includes poll station workers and ballot counters, many of whom are current or former council officers (BBC). The specific types of personal information accessed have not been fully disclosed, but it is known that the data breach affected both current and former employees of the council (The Register).
Read more at The DefendOps Diaries.