Glasgow City Council in update after cybersecurity incident
The attack took place last month and hit servers operated by a third-party supplier to one of the council's ICT providers, CGI.
It was discovered in the early morning of Thursday, June 19, when CGI discovered malicious activity on the servers.
GCC stated that it acted quickly to isolate the affected servers, protecting the council's wider network.
However, the council noted that by taking them offline, it unavoidably disrupted a number of its day-to-day digital and online services.
READ NEXT: How George Square's £20m makeover will change City Chambers
After seeking expert advice, the local authority says it took an early decision to proceed on the basis that data was likely to have been lost, and that this may have included customer data.
Subsequent independent forensic analysis is now said to have found 'no evidence' of encryption or exfiltration of council or customer data.
However, GCC will continue to 'monitor the situation closely'.
The council stated that work to safely recover online services is 'well advanced' and will continue into August in some cases.
Despite there being evidence that attempts were made to download data, these were all denied.
The investigation is said to characterise the attack on the third-party supplier as 'opportunistic'.
Access is said to have been gained through the supplier's network and not a council system or user.
READ NEXT: Circus acts and dancers in 6 snaps at Merchant City Festival
Although the incident has disrupted council services, the loss of some web-based services is said to have been caused by the isolation of the affected servers.
GCC added that, wherever possible, it has put in place alternative ways to access services temporarily.
It is understood that many of the highest priority services are now back online.
A recovery plan is in place to restore each of the affected services, with all but a handful of applications – said to be dependent on external support – expected back online by mid-August.
The council has apologised for the 'continued inconvenience' this will cause its customers.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Glasgow Times
03-08-2025
- Glasgow Times
Glasgow residents are struggling to complain on council app
Springburn/Robroyston councillor Audrey Dempsey says she has received 'numerous' enquiries from constituents saying they have experienced problems reporting issues with bins and anti-social behaviour. The MyGlasgow app is set up to provide a range of services from requesting a bulky waste collection to reporting fly tipping or graffiti. It also offers links to useful information about school holidays, paying council tax or updates to online announcements via social media. The issues facing the app comes after a cyber attack hit servers operated by a third-party supplier to one of the council's ICT providers, CGI. The cyber incident was discovered in the early morning of Thursday, June 19 when CGI discovered malicious activity on servers hosted by a third-party supplier. Councillor Dempsey says she is unclear if the problems with the MyGlasgow app are a direct result of the cyber incident as she claims councillors were unaware of any issues for a long time. She said: 'I have had numerous people telling me that they have tried to report problems with bins, council tax issues and anti-social behaviour in their local park through the MyGlasgow app. 'Where they would normally get an acceptance notification to say we have received your complaint and that it is being processed, some of my constituents are saying they haven't even had that and are not convinced their complaint has gone through. 'I have had a couple of people asking me to take the complaints up on their behalf as a result. 'In general there are always issues with the IT system outside of this cyber attack. Over the last couple of days the phone lines have also been down. 'It is hard to say if the MyGlasgow app issues are a direct result of the attack as we were unaware of the incident for so long. We found out shortly before the public found out. 'There are still IT problems for the constituents and I know that I have encountered problems on my machine as have other members. 'We don't know how long it has been going on, how deep it has gone or the way it has affected the council overall.' Glasgow City Council's most recent update on the incident last week highlighted that although council services have been disrupted, the loss of web-based services was caused by the isolation of the affected servers, rather than the cyber incident itself. A spokesperson previously said: 'Wherever possible, the council put in place alternative ways to access services on a temporary basis and, in parallel, began safely restoring the affected services. 'Many of the highest priority services are now back online, with temporary workarounds in place for others. 'A recovery plan is in place to restore each of the affected services, with all but a handful of applications, which are dependent on external support, expected back online by mid-August.' Council services affected by the incident have included accessing online planning applications as well as birth, death and marriage certificates. The council diary where details of upcoming and past meetings have also been offline and will continue to be prior to the committee cycle resuming next week. The council says papers continue to be available, as they always were, and can be picked up in person at the city chambers. A spokesman said: 'We anticipate that the council diary will be available prior to the resumption of the committees after summer recess. However, in the meantime, papers are being provided to the media and are available to the public at the City Chambers, or on request.'
Glasgow Times
18-07-2025
- Glasgow Times
Glasgow City Council in update after cybersecurity incident
On Friday, teams investigating the issue which impacted some of the local authority's services reported that they have a 'high confidence' that the incident has been contained. The attack took place last month and hit servers operated by a third-party supplier to one of the council's ICT providers, CGI. It was discovered in the early morning of Thursday, June 19, when CGI discovered malicious activity on the servers. GCC stated that it acted quickly to isolate the affected servers, protecting the council's wider network. However, the council noted that by taking them offline, it unavoidably disrupted a number of its day-to-day digital and online services. READ NEXT: How George Square's £20m makeover will change City Chambers After seeking expert advice, the local authority says it took an early decision to proceed on the basis that data was likely to have been lost, and that this may have included customer data. Subsequent independent forensic analysis is now said to have found 'no evidence' of encryption or exfiltration of council or customer data. However, GCC will continue to 'monitor the situation closely'. The council stated that work to safely recover online services is 'well advanced' and will continue into August in some cases. Despite there being evidence that attempts were made to download data, these were all denied. The investigation is said to characterise the attack on the third-party supplier as 'opportunistic'. Access is said to have been gained through the supplier's network and not a council system or user. READ NEXT: Circus acts and dancers in 6 snaps at Merchant City Festival Although the incident has disrupted council services, the loss of some web-based services is said to have been caused by the isolation of the affected servers. GCC added that, wherever possible, it has put in place alternative ways to access services temporarily. It is understood that many of the highest priority services are now back online. A recovery plan is in place to restore each of the affected services, with all but a handful of applications – said to be dependent on external support – expected back online by mid-August. The council has apologised for the 'continued inconvenience' this will cause its customers.
Glasgow Times
12-07-2025
- Glasgow Times
Some Glasgow City Council online services still down
The local authority's ICT supplier CGI discovered malicious activity on servers managed by a third-party early in the morning of June 19. Servers where malicious activity was discovered were isolated to protect the wider network – but taking them offline disrupted a number of day-to-day digital services. Residents are still unable to pay parking and bus lane penalty charges online, however these can be paid over the phone. People who need replacement birth, marriage and death certificates also can't order these online currently. The council has advised many older certificates are available from other registrar offices, and it has 'put in place arrangements to order more recent certificates by email'. A temporary service for members of the public looking for property enquiry certificates has been set up as the online search is unavailable. However, the council's public access planning portal, which shows planning applications and allows representations on them, is up and running again. READ MORE: 'We apologise': Latest on Glasgow City Council's cyber attack Residents are once again able to book appointments with registrars and the council's revenues and benefits team and Strathclyde Pension Fund members can access their online accounts again. An online form allowing Freedom of Information requests is also available again. The council said: 'Wherever possible, we have put in place alternative ways to access services on a temporary basis. 'We are also actively working to safely restore the affected services in new locations, with several of the highest priority applications now restored.' Independent experts have completed a forensic examination of the affected servers and the council is awaiting a full analysis of their work. So far, investigations have not found any evidence of data being stolen, the council has said, and no council financial systems have been affected in the attack, with no details of bank accounts or credit/debit cards processed by those systems being compromised. Glasgow City Council is working with Police Scotland, the Scottish Cyber Co-ordination Centre, the National Cyber Security Centre and security experts brought in by CGI to investigate the attack.
