Personal data compromised in Gateshead Council cyber attack
The Medusa ransomware group has claimed responsibility for the attack


Gateshead Council has fallen victim to a cyber attack in which personal data has been stolen.
The council confirmed it was hit in the early hours of January 8th, and that the attack is under investigation by the North East Regional Organised Crime Unit (NEROCU).
The local authority has reported the incident to the Information Commissioner's Office (ICO) and other regulatory bodies.
Business is continuing as usual, officials said, and the initial threat has been contained. Council officers are contacting the people affected.
"We have taken immediate remedial action to limit data loss and business continues as usual now we have isolated this incident, but investigations continue into this," said Mike Barker, strategic director for corporate services and governance for Gateshead Council.
"Work is ongoing with relevant parties to understand how this incident happened and any wider implications it may have.
"A number of files have been accessed as part of this incident and we are now contacting those people impacted directly to ensure they are protected from any further harm. The police are also investigating this as a crime."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Gateshead Council is advising residents to change their passwords and look out for any phishing emails or fraudulent activity on their accounts. It's promised to keep residents informed as it continues investigating the incident.
"As investigations continue there is a possibility of further issues arising, and we will work to mitigate this should that be the case," said Barker.
"Investigations so far have not indicated there is any further damage caused, but we need to be open to the possibility."
Who was behind the Gateshead Council attack?
The incident has been claimed by ransomware gang Medusa, which has added Gateshead Council to its data leak site. The group has demanded $600,000 for the data to be deleted or it will be released in nine days.
The group first emerged in September 2019, launching its leak site in February 2023. Research on the ransomware gang shows it favors a double-extortion approach.
Rebecca Moody, head of data research at Comparitech, said Medusa has become one of the most prolific groups in recent years.
"Since its inception, we’ve tracked 107 confirmed attacks via this group with an average ransom of nearly $690,000. Sixteen government entities are among those confirmed attacks, but this is the first entity within the UK to have been confirmed," Moody said.
RELATED WHITEPAPER
"In 2024, we also noted 149 unconfirmed attacks via this group and have tracked three so far this year."
According to Comparitech, there were 182 attacks on government agencies across the globe last year, with an average ransom demand of $2.3 million.
England’s National Museum of the Royal Navy, for example, was hit by a ransomware attack in December 2024 as were three US government entities - Wood County, RIBridges, and Pittsburgh Regional Transit.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
Law enforcement needs to fight fire with fire on AI threats
News UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
By Emma Woollacott Published
-
Healthcare systems are rife with exploits — and ransomware gangs have noticed
News Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
By Nicole Kobie Published
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
Troy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
By Jane McCallion Published
-
Alleged LockBit developer extradited to the US
News A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
By Emma Woollacott Published
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
By Emma Woollacott Published
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
News The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
By Solomon Klappholz Published
-
300 days under the radar: How Volt Typhoon eluded detection in the US electric grid for nearly a year
Analysis Lengthy OT lifespans give attackers time to penetrate networks underpinning critical infrastructure and plan future disruption
By Solomon Klappholz Published
-
Cybersecurity teams face unparalleled pressure, but they’re stepping up to the plate
News While cybersecurity teams are contending with rising workloads and chronic staffing issues, new research shows practitioners are still charging ahead and meeting targets.
By Emma Woollacott Published