A cyberattack carried out on Glasgow city council last month did not lead to customer data being stolen or encrypted, an expert report has found.
Security specialists say there is ‘no evidence’ the cyber incident on June 19 – which continues to disrupt services – led to encryption or exfiltration of council or customer data.
The experts, who have not been named, say they have ‘high confidence’ that the incident has been contained following an attack last month that hit hit servers operated by a third-party supplier to one of the council’s ICT providers, CGI.
However, services will not be fully restored until next month at the earliest, the council said in a statement on its website.
“We acted quickly to isolate those servers, protecting the council’s wider network. However, taking them offline unavoidably disrupted a number of our day-to-day digital and online services,” the council said.
“Following expert advice, the council took an early decision to proceed on the basis that data was likely to have been lost – and that this may have included customer data.”
It added: “Although there is evidence that attempts were made to download data, these were all denied. The investigation characterises this as an opportunistic attack on a third-party supplier, rather than on the council itself. Access was gained through the supplier’s network, rather than via any council system or user.”
Although the incident disrupted council services, the loss of some web-based services was caused by the isolation of the affected servers, rather than the cyber incident itself, the statement added.
A recovery plan is in place to restore each of the affected services, with all but a handful of applications, which are dependent on external support, expected back online by mid-August.
The council again apologised for the disruption.