English Council Data Breaches Jump 53% in Five Years, Wiltshire Leads with 601% Spike

TL;DR
English local councils recorded a 53% rise in data‑breach incidents over five years, with Wiltshire Council’s cases soaring 601% from 341 to 2,391. Bristol City Council now requires every staff member to report any suspected breach, no matter how minor.
Context
Freedom‑of‑information requests to 78 of England’s largest councils showed 16,902 breach incidents in the most recent year, up from 11,040 five years earlier. Referrals to the Information Commissioner’s Office grew 41% over the same period, reaching 305. Most events stem from administrative errors such as misdirected emails or insecure document disposal rather than targeted attacks.
Key Facts
Wiltshire Council experienced the sharpest increase, logging 2,391 incidents compared with 341 half a decade ago—a 601% jump. Gateshead, Greenwich, Salford and Bedford followed with rises of 302%, 215%, 191% and 150% respectively. Bristol City Council recorded the highest number of ICO referrals (21), prompting a policy that mandates immediate reporting of any suspected breach to enable early detection and containment.
What It Means
The surge highlights growing pressure on local authority data security as councils handle more personal data online. While many incidents are low‑level, the cumulative effect strains resources and raises the risk of regulatory penalties. The trend suggests that human error, not sophisticated malware, remains the dominant threat vector in the public sector.
Mitigations
Councils should enforce strict email‑address verification (MITRE ATT&CK T1566.002, Phishing: Spearphishing Link) and implement data‑loss‑prevention tools to catch misdirected messages. Regular training on secure document handling and disposal reduces exposure from improper paper waste (T1087, Account Discovery). Enforcing multi‑factor authentication and least‑privilege access limits credential misuse (T1078, Valid Accounts). Patching known vulnerabilities in widely used email gateways and monitoring for anomalous login attempts via SIEM rules can detect early signs of compromise. Finally, establishing a clear incident‑reporting workflow—like Bristol’s mandatory‑report policy—ensures rapid containment and regulatory compliance.
Watch for upcoming guidance from the National Cyber Security Centre on public‑sector email hygiene and the potential rise of supply‑chain attacks targeting local‑government software vendors.