Sensitive Personal Data Compromised in West Lothian Ransomware Incident
West Lothian Council has reported a significant data breach involving the theft of both personal and sensitive information from its education network. On May 21, the council updated stakeholders on the ongoing situation, revealing its efforts to alert parents and guardians across all schools in the region.
In its communication, the council emphasized the importance of vigilance against phishing attempts and recommended that those affected change their passwords for online accounts. Despite the breach, the council gave reassurance that the stolen data constituted only a minority of the total information held on its education servers. The majority of the data pertains to operational matters within schools, such as lesson planning, which generally does not include personal information. Nonetheless, the council acknowledged that certain personal and sensitive data was indeed compromised.
To assess any potential risks to child protection, a risk assessment has been performed across affected educational institutions, with necessary measures taken as required. Importantly, there appears to be no evidence that highly sensitive information, including confidential student records, financial data, or social work records, was compromised during the breach.
The council previously disclosed on May 6 that its education network suffered a sophisticated cyber-attack, which disrupted IT systems across 13 secondary schools, 69 primary schools, and 61 nurseries. To safeguard remaining systems, the compromised network has been isolated from the wider IT infrastructure.
In the latest updates, the council confirmed that its education network remains segregated from corporate and public access networks. Collaborations are currently underway with Police Scotland and the Scottish government to further investigate the incident. Efforts have been made to minimize disruptions to educational activities, including examinations, with contingency plans in place expected to continue until the end of the academic term.
The council expressed its sincere apologies to those potentially impacted by this cyber incident.
The ransomware attack has been attributed to the Interlock group, which has claimed responsibility for the incident and has listed West Lothian Council on its data leak portal. The group claims to have exfiltrated approximately 2.63 TB of data, comprising 3,349,196 files and 580,783 folders.
Analysis indicates that the proof pack released by the group includes sensitive documentation such as images of passports and driver’s licenses. A research firm has tracked 16 confirmed attacks by this group since October 2024, particularly targeting governmental and educational institutions. Previous incidents include an attack on Texas Tech University Health Sciences Center, which compromised the personal and medical information of 1.4 million individuals.