Data stolen from the Scottish Environment Protection Agency (Sepa) in a “sophisticated” cyber attack has been illegally published online.
Around 1.2 GB of data, amounting to at least 4,000 files, was stolen in the ransomware attack on Christmas Eve.
The environmental regulator confirmed that data stolen by what was likely to be international serious and organised cyber-crime groups has now been illegally published online.
The agency said priority regulatory, monitoring, flood forecasting and warning services were continuing to adapt and operate.
Sepa chief executive Terry A’Hearn said: “We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds.
READ MORE: Scotland's environment regulator refuses to pay ransom after cyberattack cripples systems
“We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online.
“We’re working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals.”
The attack has left Sepa unable to access to most of its systems, including its email system.
The environmental regulator said it was continuing to respond to a “significant and sophisticated cyber-attack and a serious crime against Sepa” and was being supported by Scottish Government, Police Scotland and the National Cyber Security Centre.
It said it does not yet know, and may never know, the full detail of the 1.2 GB of information stolen, some of which will have been publicly available, whilst some will not have been.
Mr A’Hearn added: “Sadly we’re not the first and won’t be the last national organisation targeted by likely international crime groups.
“We’ve said that whilst for the time being we’ve lost access to most of our systems, including things as basic as our email system, what we haven’t lost is our 1,200 expert staff.
“Through their knowledge, skills and experience we’ve adapted and since day one continued to provide priority regulatory, monitoring, flood forecasting and warning services.
“Whilst some systems and services may be badly affected for some time, step-by-step we’re working to assess and consider how we recover.”
READ MORE: Scottish ransomware attack 'likely' to be aimed at extorting public funds
Police Scotland said that organisations and individuals should not seek to search for the stolen information, as accessing the host site may place organisations, individuals and their computer infrastructure at risk.
Detective Inspector Michael McCullagh of Police Scotland’s Cybercrime Investigations Unit said: “This remains an ongoing investigation. Police Scotland are working closely with Sepa and our partners at Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident.
“Enquiries remain at an early stage and continue to progress including deployment of specialist cybercrime resources to support this response.
“It would be inappropriate to provide more specific detail of investigations at this time.”
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel