STOLEN SEPA DATA IS PUBLISHED ONLINE
DATA stolen from the Scottish Environment Protection Agency (Sepa) in a “sophisticated” cyber attack has been illegally published online.
Around 1.2 GB of data, amounting to at least 4,000 files, was stolen in the ransomware attack on Christmas Eve.
The environmental regulator confirmed the data, likely stolen by international serious and organised cyber-crime groups, has now been published online.
The agency said priority regulatory, monitoring, flood forecasting and warning services are continuing to adapt and operate.
Sepa chief executive Terry A’Hearn said: “We’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds. We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online.
“We’re working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals.”
The attack has left Sepa unable to access most of its systems, including its email system.
The environmental regulator said it is continuing to respond to a “significant and sophisticated cyber-attack and a serious crime against Sepa” and is being supported by Scottish Government, Police Scotland and the National Cyber Security Centre.
It said it does not yet know, and may never know, the full detail of the 1.2 GB of information stolen, some of which will have been publicly available, whilst some will not have been.
Detective Inspector Michael McCullagh, of Police Scotland’s Cybercrime Investigations Unit, said: “This remains an ongoing investigation. Police Scotland are working closely with Sepa and our partners at Scottish Government and the wider UK law enforcement community to investigate and provide support in response to this incident.”