On Christmas Eve, the Scottish Environment Protection Agency (SEPA) confirmed that it was responding to a significant cyber-attack affecting its contact centre, internal systems, processes and internal communications.
Despite systems being certified to UK Government security standards, cyber security specialists have identified the loss of circa 1.2 GB on data. Whilst, by comparison, this is the equivalent to a small fraction of the contents of an average laptop hard drive, indications suggest that at least four thousand files may have been accessed and stolen by criminals.
On Thursday 21st January 2021, as part of a broad update on data theft, service delivery and recovery, they confirmed that data stolen by what was likely to be international serious and organised cyber-crime groups has now been illegally published on the dark web.
According to the BBC website Sepa chief executive Terry A’Hearn said: “We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds.
“We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online.
“We’re working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals.”