Cyber Incident Victim: Livingston
Date:
May 2025
Location:
United Kingdom
Summary
West Lothian schools were hit bya suspected criminal ransomware cyberattack that disrupted the education network, prompting the council to activate contingency plans to keep schools open and ensure SQA examinations proceed unaffected. A spokesperson said there is no evidence that personal or sensitive data has been accessed, and that corporate and public access networks remain unimpacted, while Police Scotland and the Scottish government assist with an ongoing criminal investigation. Ransomware, which encrypts files to block access, typically seeks a decryption payment, and the local authority operates 13 secondary, 69 primary and 61 nursery institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On 1 May 2025 West Lothian Council reported that its education network had been affected by a suspected criminal ransomware cyberattack, a type of malware that prevents access to devices and data by encrypting files according to the National Cyber Security Centre. A council spokesperson confirmed that the attack had disrupted the education network and that contingency plans were being activated to keep schools open. The council stated that a criminal investigation was underway and that it was working closely with Police Scotland and the Scottish government to address the incident. No evidence was found at that time that personal or sensitive data had been accessed or that the council’s corporate and public access networks were compromised.
The spokesperson emphasized that contingency plans were in place to ensure schools could operate with minimal disruption until the issue was resolved, and that all West Lothian Council schools would remain open as normal that week. It was also confirmed that SQA examinations would not be affected by the attack. West Lothian Council oversees 13 secondary schools, 69 primary schools and 61 nurseries, all of which were included in the statement regarding continued operation. The council noted that there was no indication that the ransomware had spread beyond the education network to other council systems.
Throughout the incident the council maintained communication with law enforcement and government partners, providing updates as the investigation progressed. The ongoing criminal investigation aims to identify the responsible actors and determine the full scope of the attack. The council’s public statements focused on the lack of data breach evidence, the activation of contingency measures, and the commitment to restore normal operations as swiftly as possible.