Cyber Attack update

The council's education network was the victim of a sophisticated ransomware cyberattack on Tuesday 6 May.  This remains a live criminal investigation, and we are working with all relevant external agencies, including Police Scotland and the Scottish Government.

It has now (Wednesday 21 May) been confirmed that a small percentage of the overall data stored on the education network has been stolen. We are aware that some personal or sensitive data is among the information stolen by criminals.

We are contacting parents/carers at every school in West Lothian to advise them of the data theft, and provide advice on taking extra precautions, as well as Education staff.

We would like to offer our sincere apologies to anyone potentially affected by this criminal cyberattack.

The education network remains removed from the rest of the council's networks, and there has been a significant amount of work undertaken by staff to ensure that disruption to education, including SQA exams, has been minimal.

Contingency arrangements for schools working well, will continue until the end of the current school term.

We will provide updates when further information.

What data has been stolen?

Work is ongoing with the council and our partners to try and confirm the exact data which has been taken.

Only a small amount of the overall data held on our education servers was stolen, and the majority of information held on them relates to operational issues for schools, such as lesson plans, that do not contain any personal details.

We are aware that some personal or sensitive data is among the information stolen by criminals.

Risk assessment has been carried out on any potential child protection issues at each of the schools affected, and appropriate action already taken if required.

What is not affected

There is no evidence that the council's corporate and public access networks have been affected.

All information held elsewhere in the council remains safe and secure, with extra measures in place to protect our networks.

For clarity, there is no evidence that any of the data held below by the council or partners is affected by this breach:

• Confidential pupil records, which are securely stored on the SEEMIS system;
• Pupil information held on the GLOW network;
• Financial data and bank details for payments made to schools through the iPayimpact system;
• Social work records, which are part of the MOSAIC system;
• Corporate data, such as council tax information, customer service enquiries, housing information or any other data held by council services out with education.
   

What should I do now

As a precaution, everyone should be extra vigilant and be aware that there remains the possibility that any stolen data might be used for further criminal activity, such as phishing attacks or other scams.

Due to the increasing number of cyberattacks affecting a range of business and organisations, everyone is urged to be extra vigilant with their data online.

Consider changing your passwords to ensure you have a strong and unique password for each system. Please visit https://www.cyberscotland.com/strong-and-separate-passwords/ for advice on this.

For more information on what do after your data has been lost, please visit https://www.ncsc.gov.uk/guidance/data-breaches.

The Cyber and Fraud Hub support individuals affected by cybercrimes. For more information, please visit www.cyberfraudhub.org or call their free hotline on 08082813580

We will share any further updates as soon as we have them at www.westlothian.gov.uk/cyberattack.

We would ask parents/carers not to contact their school or our customer contact centre regarding the cyberattack, as they do not have any more details than this at this stage. 

Any individual who has evidence that they have been the victim of a crime should contact Police Scotland on 101.