Glasgow City Council Battles Cyber Incident, Unsure on Personal Data Impact

share
Header image

Glasgow City Council Battles Cyber Incident, Unsure on Personal Data Impact

share

No evidence its financial systems have been compromised.


Glasgow City Council is dealing with a cyber incident that has disrupted multiple online services.

According to media reports, the breach was first detected last week when evidence of “malicious activity” was found on servers operated by a third-party supplier.

The council said there is currently no evidence its financial systems have been compromised, and stressed that no bank account or card payment data had been affected.

However, it has contacted the Information Commissioner’s Office (ICO) and warned that some personal information “may have been exfiltrated”.

Operating on Presumption

In a statement, the council said it can't confirm whether data has actually been removed and, if so, what that data is, but it is operating on the presumption that customer data related to the currently unavailable web forms may have been exfiltrated.

A wide range of digital services have been affected, with the council saying this has been caused by the isolation of affected servers, rather than the cyber incident itself.

Mike Britton, CIO, at Abnormal AI, said: “This attack on Glasgow Council shows just how vulnerable local government systems can be due to the complex supply chains they have with multiple third-party vendors. In fact, we’ve seen phishing attacks on state and local governments surge 360 percent between 2023 and 2024.

“Although financial systems aren’t directly impacted, the risk to residents’ personal data is very real. A spike in malicious phishing activity off the back of a breach like this is almost inevitable. Attackers are quick to exploit public confusion and may send out fake emails or texts pretending to be the council, trying to trick people into handing over personal details.”



Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Cyber CrimeGovernment Published: 26 June Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

UK pledges £90M for SME cyber resilience

UK pledges £90M for SME cyber resilience

 Cyber incident involving rerouted payment drains Zephyr of £700K

Cyber incident involving rerouted payment drains Zephyr of £700K

 Hijacked NHS Scotland domains push adult content

Hijacked NHS Scotland domains push adult content
UK cybercrime significantly outpaces police staffing growth

UK cybercrime significantly outpaces police staffing growth

 Fraud losses top £629M as UK ramps up enforcement

Fraud losses top £629M as UK ramps up enforcement

 Youth cybercrime radicalization driven by online platforms, NCA leader says

Youth cybercrime radicalization driven by online platforms, NCA leader says
UK watchdog raises concerns over Jaguar Land Rover's cyber bailout

UK watchdog raises concerns over Jaguar Land Rover's cyber bailout