Glasgow city council has been impacted by a cyber incident which is disrupting services and may have involved the theft of customer data.
The local authority – Scotland’s largest by population, serving 620,700 people – is being supported by national agencies include the police, Scottish Government and National Cyber Security Centre following the incident last Thursday.
IT contractor CGI alerted the council to malicious activity on servers managed by a third party supplier, and the decision was made to them offline, causing disruption to day-to-day digital and online services.
The council issued an apology today for “the anxiety and inconvenience” caused by the incident, which affected a number of services.
They include the viewing and commenting on planning applications; paying penalty charges for parking or bus lane contraventions; reporting school absences, and ordering certificates from city registrars.
Some online diaries and calendars are also not available – for example, household schedules for bin collections. And members of Strathclyde Pension Fund are not currently able to access the SPFOnline portal.
In a statement on the council’s website, it said they were working on the presumption that customer data related to the currently unavailable web forms may have been exfiltrated. It has contacted the Information Commissioner’s Office (ICO) on this basis.
The statement added: “At this stage we can’t confirm whether data has actually been removed and, if so, what that data is. No council financial systems have been affected in this attack and no details of bank accounts or credit/debit cards processed by those systems have been compromised.”
The council went on to advise anyone who has recently used the listed services to be “particularly cautious about contact claiming to be from Glasgow City Council.”
The recently-established Scottish Cyber Coordination Centre – operated by the Scottish Government – is also assisting in the investigation.
“Security specialists reviewing this incident have confirmed that it was not caused by email. Email communication with the Council remains safe – although, as always, you should be suspicious of any email which asks you to provide bank account details, passwords or other secure information. The Council will never ask you for details like that by email,” the statement added.
Disrupted services
- Planning – online access to planning applications is unavailable.
- Penalty Charge Notices – citizens are unable to access contravention evidence, make payments or submit online appeals.
- Pensions – members are unable to access the SPFOnline portal.
- Registrars – citizens are unable to book appointments online.
- Revenues and Benefits – citizens are unable to book callback appointments online.
The following online forms and calendars are also unavailable:
- Permits
- Complaints
- Certificate Online (births, deaths, marriages)
- Comments and Compliments
- FOI Requests
- Application for Footway Crossing (dropped kerbs)
- Elections
- Planning Enforcement
- Planning Statutory Enforcement
- Public Processions
- Future Processions
- Sign Language Interpreter Service (SLIS)
- Glasgow Film Office Location Library
- Pupil Absence
- Bin Calendar
- Taxi Complaints Form
- Council Diary
