SEPA chief executive Terry A'Hearn:

Stolen SEPA data published by cyber-thieves

Data stolen in a Christmas Eve cyber-attack on the Scottish Environment Protection Agency (SEPA), which regulates some aspects of fish farming, has been illegally published online.

Published Modified

Around 1.2GB of data – at least 4,000 files – were stolen by what SEPA believes was likely to be an international serious and organised cyber-crime group.

“We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online,” said SEPA chief executive Terry A’Hearn.

“We’re working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals.”

Host site trap risk

SEPA said that while stolen data had now been illegally published and work was under way to analyse the data set, it does not yet know, and may never know the full detail of the 1.2 GB of information stolen. Some of the information stolen will have been publicly available, and some will not have been. 

The agency said staff had been contacted based on the information available and were being supported. A dedicated data loss support website, Police Scotland guidance, enquiry form and support line (01698 839 022) were available for regulated business and supply chain partners.

SEPA stressed firm Police Scotland advice that organisations and individuals should not seek to search for the stolen information, as accessing the host site may place organisations, individuals and their computer infrastructure at risk.