In November 2023, **Comhairle nan Eilean Siar** (Western Isles Council, Scotland) fell victim to a **sophisticated cyber attack** where hackers installed malicious software, crippling critical systems and backups. The breach disrupted essential public services, including **council tax processing, non-domestic rates, and benefits administration**, leaving both staff and residents unable to access these functions for an extended period. Despite the council’s **swift emergency response**—praised by the Accounts Commission for its effectiveness—**backlogs persisted two years later**, straining employees under increased workloads and stress.The attack exposed vulnerabilities in the council’s **business continuity and disaster recovery plans**, which had not been tested for scenarios of this severity. While no explicit data theft (e.g., personal or financial records) was confirmed in the article, the **prolonged service outages** and reliance on manual workarounds underscored the attack’s **severe operational impact**. The council acknowledged the need for **routine cyber incident response testing** and staff support improvements to mitigate future risks. The incident served as a warning for all Scottish councils about the escalating threat of cyber disruptions to public sector infrastructure.
Source: https://www.bbc.com/news/articles/cp9knn4dgg2o
TPRM report: https://www.rankiteo.com/company/western-isles-council
"id": "wes5734057112725",
"linkid": "western-isles-council",
"type": "Cyber Attack",
"date": "11/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Island residents (specific '
'number not disclosed)',
'industry': 'Public Administration',
'location': 'Western Isles, Scotland, UK',
'name': 'Comhairle nan Eilean Siar (Western Isles '
'Council)',
'type': 'Local Government Authority'}],
'date_detected': 'November 2023',
'description': 'A sophisticated cyber attack in November 2023 led to the '
'installation of malicious software on Comhairle nan Eilean '
"Siar's systems. The attack disrupted critical services, "
'including council tax, non-domestic rates, and benefits, with '
'backlogs persisting two years later. The Accounts Commission '
"praised the council's swift response but highlighted "
'inconsistencies in applying business continuity plans and the '
'need for routine testing of cyber incident response and '
'disaster recovery plans. Staff faced significant pressure, '
'and the report emphasized the importance of communication and '
'support during high-stress events.',
'impact': {'downtime': 'Ongoing backlogs persisting for two years (as of '
'2025)',
'operational_impact': ['Service disruptions',
'Staff workload overload',
'Inconsistent application of business '
'continuity plans'],
'systems_affected': ['Council tax systems',
'Non-domestic rates systems',
'Benefits systems',
'Back-up systems']},
'investigation_status': 'Completed (report published by Accounts Commission)',
'lessons_learned': ['Need for routine testing of cyber incident response, '
'disaster recovery, and business continuity plans',
'Importance of consistent application of business '
'continuity plans',
'Enhanced communication and support for staff during '
'high-stress incidents',
'Recognition of the scale and sophistication of cyber '
'threats to local authorities'],
'post_incident_analysis': {'corrective_actions': ['Development of new cyber '
'incident response, '
'disaster recovery, and '
'business continuity plans',
'Commitment to routine '
'testing of these plans',
'Review of staff '
'communication and support '
'protocols'],
'root_causes': ['Sophisticated malicious software '
'installation',
'Inconsistent application of '
'business continuity plans',
'Lack of prior testing for severe '
'cyber attack scenarios']},
'recommendations': ['Thorough and routine testing of newly developed cyber '
'incident response, disaster recovery, and business '
'continuity plans',
'Review and improve staff support mechanisms during cyber '
'incidents',
'Inform ongoing security improvements based on audit '
'findings'],
'references': [{'source': 'BBC News'},
{'source': "Accounts Commission (Scotland's public spending "
'watchdog)'}],
'response': {'communication_strategy': ['Acknowledged need for improved staff '
'communication and support'],
'containment_measures': ['Emergency arrangements implemented '
'immediately'],
'incident_response_plan_activated': True,
'recovery_measures': ['Ongoing recovery efforts',
'Review of business continuity and '
'disaster recovery plans']},
'title': 'Cyber Attack on Comhairle nan Eilean Siar (Western Isles Council)',
'type': ['Cyber Attack', 'Malware Infection']}