Sheffield City Council has recorded over 1,500 data breaches since 2022, making it one of the latest examples of a public authority facing mounting challenges in securing personal data. According to a new investigation by DataBreachClaims, the council paid out £20,000 in compensation over the period as privacy violations and cyber threats continue to increase.
Human Errors and Cyberattacks Driving the Surge
Between 2022 and early 2025, the council reported 1,512 separate data breach incidents and 26 cyberattack cases. While most breaches stemmed from human error—such as emails sent to the wrong recipients or improper disposal of documents—a sharp rise in cyber incidents has added pressure.
According to the report, data breach incidents rose 43% from the 2022/23 to the 2024/25 period. The legal fallout, however, has been more contained, with only 10 breaches resulting in compensation claims.
“We have noticed an increase in data breaches generally over the last year, both in terms of human error and cyber-attacks,”
said Reece Vassallo, a data breach expert at DataBreachClaims.“Compensation depends on what data was exposed and the distress caused. Many cases are resolved without going to court.”
The investigation highlighted that across local governments nationwide, cyberattacks surged 387% between 2022 and 2024. These figures show that local authorities are increasingly being targeted by threat actors who aim to steal or destroy sensitive public data.
Council Responds With New Safeguards and Training
Councillor Zahira Naz, Chair of the Finance and Performance Policy Committee, acknowledged the rise in incidents and emphasized the importance of strong information governance.
“People are at the heart of what we do. We take our responsibilities around data protection and information security extremely seriously,”
said Councillor Naz.“We are committed to minimising harm when a breach occurs, learning from each incident, and embedding those lessons into our practices.”
Sheffield City Council has adopted a “data protection by design and by default” strategy in line with UK GDPR guidelines. Staff members are trained throughout the year, and the council promotes a “Check twice, send once” culture to help reduce human error.
Why Government and Public Institutions Are Prime Targets
Local governments like Sheffield are increasingly attractive to cybercriminals due to the volume of personal data they process and the often under-resourced cybersecurity defenses they maintain. With rising threats, authorities need to shift toward more resilient, multi-layered protection strategies.
This includes bolstering defenses not only against external cyberattacks but also internal errors through better governance, proactive identity management, and backup solutions that ensure continuity even when systems are compromised.
For institutions handling sensitive public data, the ability to restore critical operations rapidly after a breach is no longer optional—it’s essential.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
