'No evidence' data was stolen in Glasgow City Council cyber attack

Cyber security experts investigating an attack affecting Glasgow City Council say they have found no evidence that data was stolen or encrypted.

A report received by the council confirmed the incident has been contained, with investigators expressing ‘high confidence’ in their findings.

The cyber incident was first detected on Thursday 19 June, when malicious activity was found on servers operated by a third-party supplier linked to one of the council’s ICT contractors, CGI.

The servers were immediately isolated, which disrupted several digital and online council services.

Many of these have since been restored, though work to fully recover systems will continue into August.

Early on, the council acted on expert advice and assumed data loss had occurred, potentially including customer data.

However, subsequent forensic analysis has found no signs of council or customer data being accessed, stolen or encrypted.

Attempts were made to download data, but all were denied, according to investigators.

The incident has been described as an opportunistic attack on the third-party supplier, rather than a direct breach of the council’s systems.

Access was gained through the supplier’s network, not via council staff or infrastructure.

Although some services remain offline, the council says many priority systems are back in operation, and temporary alternatives are in place for others.

A full recovery plan is under way, with most services expected to be restored by mid-August.

A council spokesperson apologised for the disruption and said efforts to restore services are ongoing.

Hear the latest news on Clyde 1 on FM, DAB, smart speaker or the Rayo app.