In the latest in a string of cyber incursions targeting UK public bodies, Glasgow City Council has confirmed it was struck by a cyber attack that forced key digital services offline and may have resulted in the theft of customer data. The breach has triggered a multi-agency investigation and raised concerns over the resilience of local government cyber infrastructure.
Public Portal Paralysed: Digital Services Suspended in Wake of Attack
On Thursday, Glasgow City Council, Scotland’s largest local authority, suffered a significant cyber attack that has disrupted online services for residents and raised alarm over potential data breaches. While the council says no financial systems were affected, a swath of public-facing services, including the payment of penalty charges, school absence reporting, planning applications, and registrar services, have been suspended.
In response, the council took multiple servers offline as a precaution, affecting not just its operations but also that of North Lanarkshire Council, for whom Glasgow processes parking fine payments. Services are now being rerouted via telephone, prompting long delays and widespread public frustration.
Exfiltration Suspected: Fears of Citizen Data Theft Surface
The local authority has acknowledged that customer data linked to currently unavailable web forms may have been exfiltrated. Although specifics on the nature and volume of data have not been disclosed, officials are urging the public to exercise caution if contacted by anyone claiming to be from the council.
A chilling advisory from the council warned residents to “be cautious” about unsolicited communication. This echoes a similar incident in Edinburgh just weeks prior, where a spear-phishing attack disrupted access to student revision platforms ahead of exams. All student passwords were reset as a precaution.
Notably, security experts confirmed that email systems were not compromised in the Glasgow attack, a key reassurance as phishing remains a common attack vector. Nevertheless, the city is now operating on the presumption of data compromise, highlighting the scale of risk associated with municipal cyber breaches.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
Public Sector Under Siege: A Broader Pattern Emerges
This incident follows a worrying trend of digital assaults on UK public institutions. Just last month, NHS Dumfries and Galloway suffered a major data breach, and North Lanarkshire Council experienced operational disruption in late 2023. These attacks expose vulnerabilities in the digital backbone of critical services, from healthcare to education and local governance.
A joint investigation has been launched involving Police Scotland, the Scottish Cyber Coordination Centre (SC3), and the National Cyber Security Centre (NCSC), with cybersecurity firms assisting in threat analysis and containment.
Cybersecurity analysts warn that such attacks, particularly if data exfiltration is confirmed, could fuel identity theft, fraud, and phishing scams, especially as local authorities hold vast troves of personal, legal, and even biometric information.