A council has been hit by 400,000 spam emails in one week.
Hackers have targeted Sunderland City Council with phishing and spoofing emails, and at least one Distributed Denial of Service (DDoS) attack.
Officers also experienced a “spray attack” where accounts were locked out after criminals repeatedly used common passwords to try to gain access.
The attacks took place during a week in November and the council has said it will improve its IT security.
The council’s IT security breach was revealed in a scrutiny co-ordinating committee report, the Local Democracy Reporting Service said.
Last year, the Local Government Association published a “cyber-stocktake” based on a questionnaire completed by councils.
Sunderland received green and amber ratings in several areas, but was labelled red in technology standards and compliance and detection.
The council said it planned to improve its security by moving PCs to Windows 10 and making sure default passwords were changed.
It said that although measures were being taken, there was “no silver bullet that guarantees 100% protection”.