Site navigation

Stolen SEPA Data Published Online by Cybercriminals

Ross Kelly



The environmental agency has issued a further update on the ‘ongoing’ ransomware attack that has knocked key systems offline.

The Scottish Environmental Protection Agency (SEPA) has revealed that data stolen from it in a cyber-attack has been published online.

Earlier this month, the government agency confirmed that around 1.2Gb of data had been seized in a ransomware attack on Christmas Eve. SEPA said the culprits are believed to be “international serious and organised cyber-crime groups”.

In a statement published yesterday, SEPA Chief Executive Terry A’Hearn provided further updates on the incident which has “significantly impacted” the organisation’s ability to function.

The environmental regulator confirmed that data stolen in the ransomware attack has now been published online illegally.

“We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online,” he said.

“We’re working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals.”

It is likely that the 4,000 files have been circulated on the dark web, which is a common tactic of cybercriminals. SEPA added that work is underway to establish exactly what type of information has been stolen.

So far, SEPA said it believes stolen information is related to a number of business areas, including “corporate plans, priorities and change programmes”.

Personal information belonging to SEPA staff, information related to commercial work with international partners and procurement details are also believed to have been stolen, the agency revealed.

“Some of the information stolen will have been publicly available, whilst some will not have been,” SEPA said.


A’Hearn reiterated that it has refused to engage with the cybercriminals involved in the ransomware attack and will not use public funds to re-gain access to stolen information.

“We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds,” he said.

Jude McCorry, Chief Executive of the Scottish Business Resilience Centre, added: “There are many ways, including ransomware, a business can experience a cybersecurity incident, with varying levels of complexity and disruption. Cyber incidents can occur through deliberate targeting like we have seen with SEPA, or even human error, the end result is the same, a disruptive effect on business operations.

“At SBRC we are working in partnership with Police Scotland and the Scottish government running the UK’s first collaborative cyber incident response helpline for organisations in Scotland.”

Ross Kelly

Staff Writer

Latest News

%d bloggers like this: