‘Personal and sensitive’ data stolen in West Lothian Council cyber-attack

West Lothian Council has confirmed cyber criminals stole “personal and sensitive data” during a ransomware attack on its education network earlier this month.

On 6 May, the local authority was hit by a cyber-attack and the incident remains the subject of a live criminal investigation.

Initially the council said there was “no evidence” of data theft, but it has now confirmed a “small percentage” of information was stolen by cybercriminals.

The council has contacted parents and carers as well as education staff across the region to inform them of the theft.  

It said most of the data taken related to operational issues for schools such as lesson plans, but confirmed some personal information was also stolen.

Financial data, social work records and pupil records, are stored in different systems and are believed to be safe, the council said.

A council statement read: “Only a small amount of the overall data held on our education servers was stolen, and the majority of information held on them relates to operational issues for schools, such as lesson plans, that do not contain any personal details.

“We are aware that some personal or sensitive data is among the information stolen by criminals.

“Risk assessment has been carried out on any potential child protection issues at each of the schools affected, and appropriate action already taken if required.”

The council has urged residents to “be extra vigilant”, warning stolen data might be used for further criminal activities such as phishing attacks. It recommended people to change their passwords.

The statement continued: “We will share any further updates as soon as we have them.

“We would ask parents/carers not to contact their school or our customer contact centre regarding the cyberattack, as they do not have any more details than this at this stage. 

“Any individual who has evidence that they have been the victim of a crime should contact Police Scotland on 101.”

Contingency plans were in place following the attack, to ensure schools remained open with “minimal disruptions”.

It comes after Marks & Spencer also confirmed some personal information relating to thousands of customers was taken after it was targeted by cybercriminals during the Easter weekend.