Site navigation

Which UK Councils Have Suffered the Most Data Breaches?

Michael Behr


UK Council data breaches
As more organisations adopt digital technology, the number of data breaches have increased.

A new study has discovered which UK councils have been hardest hit by data breaches.

The UK’s councils saw a total of 33,645 human-caused data breaches compromising private information in the last five years.

The research was conducted by VPNoverview, which set out to find which UK councils had been worst affected by data breaches. Freedom of Information (FoI) requests were sent out to 103 county councils, with 79 responding.

According to the company’s findings, Hampshire County Council in the south of England suffered the most human error-caused data breaches. The council has suffered 3,759 breaches since 2016, with 902 of these coming in the years 2018 to 2019.

While it reduced these numbers to 831 in 2020-2021, the volume of attacks has increased since 2016-2017, when it recorded 556 breaches.

Other councils in the rankings include Gloucestershire County Council in second place, which recorded 2,723 breaches, and Lancashire County Council, which suffered 1,260.

In addition, according to VPNoverview, Gloucestershire Council saw the largest increase in data breaches since 2016. They were hit by 90 in 2016-2017 but recorded 1,004 in 2020-2021.

According to their research, Scottish councils have generally reported fewer data breaches compared to English councils. Fife Council was the worst performing Scottish council, seeing a total of 769 data breaches, with Aberdeen City Council at second on 532.

The best performing Scottish council was East Ayrshire, which suffered 14 data breaches.

Overall, the councils which saw the fewest breaches were Armagh City, Banbridge and Craigavon Borough Councils, which have each recorded just four data breaches since 2016, two between 2016 and 2017 and the other two between 2019 and 2020.

Mid and East Antrim Borough Council boast similarly low numbers, with five being recorded between 2018 to 2019, and just one breach between 2019 to 2020.


In June this year, another FoI request found a similar problem. The findings warned that UK councils lacked the resources to prepare for and react to cybersecurity incidents.

Among its findings were reports that only 50% of UK councils had trained their staff in cybersecurity last year, while 45% of councils said they had no professionals with recognised security qualifications.

Hackney Council was one of the high-profile targets hit by cyberattackers last year. Hackers were able to access the council’s systems and exfiltrate sensitive data, and subsequently publish it on the Dark Web.

The reports come as the Covid-19 pandemic accelerates the use of digital technology by all organisations, including councils.

While practices like remote working and increased cloud migration helped provide service continuity, it has also increased organisations’ attack surface and created opportunities for threat actors to exploit.

VPNoverview highlighted that the increased use of technology may be a factor in data breaches, noting that the volume of breaches has generally increased in the last five years.

Get the latest news from DIGIT direct to your inbox

Our newsletter covers the latest technology and IT news from Scotland and beyond, as well as in-depth features and exclusive interviews with leading figures and rising stars.

We will keep you up to date on the pivotal issues impacting the sector and let you know about key upcoming events to ensure that you don’t miss out on what’s going on across the Scottish tech community.

Click here to subscribe.

Michael Behr

Senior Staff Writer

Latest News

%d bloggers like this: