Data breach incidents recorded by English local councils have risen by 53% over the past five years, according to new research based on freedom of information requests.
Analysis of FOI data from 78 of England's largest local councils found that referrals to the Information Commissioner's Office — covering the most serious breaches — climbed 41% over the same period. In the most recent reporting year, those councils collectively logged 16,902 incidents and 305 ICO referrals.
The research, published by password management firm Passpack, highlights growing pressure on local authority data security at a time when councils handle increasing volumes of sensitive personal information.
The findings come amid broader concerns about cybersecurity in the public sector. Most incidents are believed to stem from administrative errors, such as emails sent to the wrong recipient or poor document disposal practices, rather than deliberate attacks.
Wiltshire Council recorded the largest increase of any authority, with a 601% rise from 341 to 2,391 incidents, followed by Gateshead Council (302%), London Borough of Greenwich (215%), Salford City Council (191%), and Bedford Borough Council (150%).
Bristol City Council recorded the most ICO referrals of any authority (21), followed by Cumberland Council and Cornwall Council (16 each), Shropshire Council (15), and the London Borough of Enfield (14).
Commenting on the research, a Bristol City Council spokesperson emphasised the council's commitment to data protection, noting that all staff must report any suspected breach — however minor — to enable early identification, swift containment, and ongoing improvements to security controls.
The spokesperson added that the council operates within a comprehensive policy and training framework, ensuring every incident is individually assessed and, where necessary, escalated to the regulator in line with legal obligations.
Check out: How local authorities are uncovering the UK's hidden cyber supply-chain threats
