Personal data belonging to staff at a London council were not stolen in an attack by an Islamic hacker, contrary to initial reports, an investigation has concluded.

In August, the Daily Telegraph reported that names, email addresses and passwords from staff working for Croydon Council were on a list leaked on the internet by an Isil fighter.

However, an internal investigation has discovered that online security systems had not, after all, been breached.

A statement from the council said: “Investigations via the Foreign and Commonwealth Office found no evidence that Croydon Council staff’s emails had been shared on websites, contrary to the reports of some national newspapers.

“Internal investigations also confirmed that there had not been a breach of our systems. We continue, however, to remain vigilant as ensuring all our data remains safe is a priority for us.”

Related content

ICO informed of council email hack
Case study: Immediate savings for Poole Borough Council

The Telegraph had reported that details of Croydon staff were among details of more than 1,500 US military personnel leaked on the internet.

The spreadsheet was first posted online by Australian Isil fighter and senior recruiter Neil Prakash, who refers to himself as Abu Khaled al-Cambodi.

A message accompanying the data was addressed to western “crusaders” and warned: “We are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!”

According to local newspaper, the Croydon Guardian, there was never any reference to any of the council’s staff on the spreadsheet.

It did contain the name of one woman working for Stockport Metropolitan Borough Council, but experts have raised doubts about whether her details were obtained by hacking.