The breach began days earlier, with a single email carrying an apparently harmless attachment — a piece of malware that would silently embed itself in the council’s systems. It lay dormant until activated remotely
In the small hours of a winter morning in February 2020, an IT engineer raced through the darkened streets of Redcar, a coastal town in north-east England, responding to a critical alert. Something was wrong with the council’s computer network.
Within minutes of arriving at the council offices, he began shutting down servers in an urgent attempt to contain the spread of what turned out to be a ransomware attack. But it was already too late.
Hackers had infiltrated the systems of Redcar and Cleveland Borough Council, encrypting vast swathes of data and demanding a ransom for its return. The impact was immediate and wide-ranging — disrupting services from waste collection to child protection.
“I got a phone call to say: we’ve been hit,” recalled Mary Lanigan, then leader of the council. “The destruction of our systems was total.”
In recent weeks, high-profile cyber-attacks have hit major UK retailers, including M&S and the Co-op, causing empty shelves and data breaches. But some security experts warn the most severe threat lies elsewhere.
Ciaran Martin, the former head of the National Cyber Security Centre (NCSC), has described his “biggest cyber-security worry” as the risk of coordinated attacks on public services such as councils and hospitals — strikes that, in his words, could “wreck lives”.
Investigations shows how the Redcar and Cleveland attack unfolded, what it took to restore operations, and the lasting impact on local residents.
The breach began days earlier, with a single email carrying an apparently harmless attachment — a piece of malware that would silently embed itself in the council’s systems. It lay dormant until activated remotely.
Once triggered, it moved quickly. Within hours, the virus had spread across the network, locking staff out and corrupting files. By 11am on Saturday 8 February, residents had begun to notice the council’s website was down.
“There wasn’t a lot we could do,” said Lanigan. “You had to be practical, so it was actually about getting more phones in so people could ring us.”
Lanigan, who lost her seat in the 2023 local elections, said she came under pressure at the time from officials and central government not to speak publicly about the extent of the damage. The council, however, denied this, saying there had been no such pressure or instruction, then or since.
Five years on, Lanigan has changed tack: “It was devastating. Devastating for us, for the staff, for the public and for everybody else.”
Critical services were affected. Data-sharing with police and the NHS was disabled. Social care, including services for elderly residents and vulnerable children, was paralysed.
“Even somebody ringing up and saying ‘my bin hasn’t been emptied’ wasn’t dealt with,” Lanigan said.
The council has not disclosed whether a ransom was paid. But the attack became a case study in how a digital breach can quickly become a real-world crisis — one that underlines just how fragile public sector systems can be in the face of organised cyber-crime.
