Cyber Incident Victim: Comhairle nan Eilean Siar
Date:
Nov 2023
Location:
United Kingdom
Summary
Comhairle nan Eilean Siar experienced a cyber attack that rendered operational and backup servers inaccessible, preventing data retrieval despite forensic efforts led by Police Scotland, the National Cyber Security Centre, and the Scottish Government alongside the council's IT team. While no evidence of data extraction or publication was found, the incident caused significant service disruptions, prompting the establishment of an incident management team to prioritize identifying potential data breaches, restoring operations, and maintaining critical community services, with temporary communication channels implemented for public access. The council's chief executive emphasized the attack's damaging impact and highlighted the broader vulnerability of public bodies to escalating cyber threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 7, 2023, Comhairle nan Eilean Siar (Western Isles Council) experienced a cyber attack that rendered its operational and backup servers inaccessible, preventing the council from retrieving stored data. A forensic investigation led by Police Scotland, the National Cyber Security Centre (NCSC), the Scottish Government, and the council’s IT team confirmed the servers themselves were accessed but could not recover the data residing on them. The council characterized the incident as a cyber crime causing significant damage to service delivery, though investigators found no evidence of data extraction or publication at the time of the interim assessment. Comhairle nan Eilean Siar established an incident management team to coordinate its response, prioritizing the identification of potentially compromised information—with commitments to notify affected individuals if evidence emerged—and the restoration of critical services. The attack disrupted multiple council functions, necessitating temporary communication measures, including the development of a replacement website and the publication of temporary phone numbers for social care and social work services via the council’s X (formerly Twitter) account, while certain departments like human resources and Ardseileach care home retained normal contact channels.
The council acknowledged widespread operational impacts, particularly on key public services, though specific affected systems and the full scope of technical disruptions were not detailed in public updates. Chief Executive Malcolm Burr emphasized the incident underscored the vulnerability of public sector entities to escalating cyber threats. Police Scotland maintained an active investigation into the attack, which Article 2 described as an alleged ransomware incident, though no threat actor claimed responsibility or issued ransom demands in the disclosed materials. The Scottish Government confirmed ongoing support for the council’s recovery efforts, which focused on rebuilding infrastructure and mitigating community impacts through regular service updates. No data breach notifications were issued during the initial response phase due to the absence of confirmed data exfiltration. Service restoration timelines and technical remediation steps remained unspecified, with the council’s public communications highlighting continuity priorities for vulnerable populations dependent on its services.