Powys County Council has paid out thousands of pounds after repeated data breaches, according to recent investigation.

Data Breach Compensation Claims has said that Powys County Council paid out more than £11,000 in data breach claims since 2021, as part of an investigation into the number of cyber and non-cyber security incidents experienced by local authorities.

Councils are expected to collect, store, use, share and dispose of personal information or data about individuals, in line with General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).


According to the Information Commissioner’s Office (ICO), cyber attacks on local authority systems have increased by a 24 per cent between 2022 and 2023.

Security breaches have the potential to put thousands of people’s personal details at risk, potentially harming victims psychologically as well as financially.

In their investigation Powys County Council revealed a total 516 data breach incidents since 2021 with figures rising year on year.

It reported 149 incidents between 2021/22, a further 166 between 2022/23 and 201 incidents between 2023- March 2024 but stressed that the majority of these are likely to be for “relatively minor issues”.

These could include emails being sent to the wrong recipient or incorrect disposal of paperwork.

Powys Council Council confirmed a total of six cyber security incidents: two between 2022 and 2023 and four between 2023 and March this year. A total of £11,300 was paid in compensation for Data Breach Claims during that time.

A spokesperson for Powys County Council said: “The council has in place robust processes and policies for the reporting, and management of any personal data breach that may occur, to ensure that incidents, however minor, are examined with the necessary assessments of risk, reporting, investigation and learning undertaken.

County Times: County Times subscription offer

“Personal data breaches vary dependent upon the volume, nature and sensitivity of the personal data affected, the circumstances of the breach and the impact upon individuals(s).

“The annual Information Governance report provides information on the council's handling of personal data breaches to Cabinet.

“Third party claims arising from data breaches are dealt with under the council’s insurance arrangements.”