When a breach goes from 25 documents to 1.3 terabytes…

Leicester CIty Council counts the cost of a ransomware attack.

When a breach goes from 25 documents to 1.3 terabytes...


On 7 March 2024, the UK’s Leicester City Council had its systems disrupted by a devastating cyber attack, forcing it to shut down its IT systems and phone lines.

Among those affected were care home workers and the homeless.

Sign up to our free newsletter.
Security news, advice, and tips.

By the end of March, the council was “not yet able to say” if any data had been breached during the attack.

But on Wednesday April 3, Leicester City Council confirmed that about 25 documents had been shared online by attackers, including people’s confidential information.

Nasty stuff. And the council described the data breach as a “very serious matter.”

Well, yes, it is serious if malicious hackers steal 25 documents.

But now we know that Leicester City Council’s attackers didn’t limit themselves to 25 documents. The latest FAQ from the council reveals that a gobsmacking 1.3 terabytes of data was stolen during the data breach and published on the dark web.

Council FAQ
Part of Leicester City council’s FAQ on the data breach

What has happened and what has the council done to manage the incident?

Following the cyber incident on 7 March 2024, the ransomware group responsible has published approximately 1.3 terabytes of data.

We appreciate that this may be worrying and so we have created the following FAQs.

What kind of information has been stolen?

We are reviewing the data that has been published, the previous data release consisted of documents including rent statements, applications to purchase council housing and documents related to this such as passport details.

Due to the amount of data that has now been published we cannot contact everybody who is affected. We are reviewing the data and will be prioritising the people at highest risk.

And Leicester City Council can’t rule out the possibility that yet more data might be leaked in the future.

If 25 documents stolen is “very serious,” I’m not sure the words exist to describe 1.3 terabytes of leaked data…

…or should I be saying 3 terabytes? As that’s what the ransomware gang claims it has stolen.

Leicester data leak

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.