West Lothian Council confirmed that ransomware actors have stolen personal and sensitive information from its education network. The attack, claimed by the Interlock ransomware group, involved the theft of 2.63 TB of data, including images of passports and driver's licenses. The Council is contacting parents and carers to inform them of the breach and offering advice to be vigilant of phishing attacks. A risk assessment has been carried out on potential child protection issues, and the Council is working with Police Scotland and the Scottish government to investigate the incident.
Source: https://www.infosecurity-magazine.com/news/personal-data-stolen-west-lothian/
TPRM report: https://scoringcyber.rankiteo.com/company/west-lothian-council
"id": "wes518052325",
"linkid": "west-lothian-council",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Education',
'location': 'West Lothian, Scotland',
'name': 'West Lothian Council',
'type': 'Local Authority'}],
'attack_vector': 'Ransomware',
'customer_advisories': 'Contacting parents and carers, offering advice on '
'phishing and password changes',
'data_breach': {'data_exfiltration': '2.63 TB of data',
'file_types_exposed': ['images of passports',
"driver's licenses",
'various other documents'],
'number_of_records_exposed': '3,349,196 files and 580,783 '
'folders',
'personally_identifiable_information': ['passports',
"driver's licenses"],
'sensitivity_of_data': ['low to high'],
'type_of_data_compromised': ['personal data',
'sensitive data',
'operational issues for '
'schools']},
'date_detected': '2024-05-06',
'date_publicly_disclosed': '2024-05-21',
'description': 'West Lothian Council confirmed that ransomware actors have '
'stolen personal and sensitive information stored on its '
'education network.',
'impact': {'data_compromised': ['personal and sensitive data',
'operational issues for schools',
'passports',
"driver's licenses",
'various other documents'],
'operational_impact': 'Contingency plans expected to continue '
'until the end of the current school term',
'systems_affected': ['education network',
'IT systems used by 13 secondary schools, 69 '
'primary schools and 61 nurseries']},
'investigation_status': 'Ongoing',
'motivation': 'Financial',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Interlock'},
'references': [{'source': 'West Lothian Council'}],
'response': {'communication_strategy': 'Contacting parents and carers, '
'offering advice on phishing and '
'password changes',
'containment_measures': 'Isolated education network from the '
'rest of its IT infrastructure',
'law_enforcement_notified': 'Police Scotland, Scottish '
'government'},
'stakeholder_advisories': 'Parents and carers at every school in West Lothian',
'threat_actor': 'Interlock Gang',
'title': 'West Lothian Council Ransomware Attack',
'type': 'Ransomware'}