West Lothian Council has confirmed that ransomware actors have stolen “personal and sensitive” information stored on its education network.

The Scottish local authority said in a May 21 update that it is now in the process of contacting parents and carers at every school in West Lothian to inform them of the breach.

It is also offering advice to those impacted, warning them to be vigilant of phishing attacks and changing passwords for online accounts.

“Only a small amount of the overall data held on our education servers was stolen, and the majority of information held on them relates to operational issues for schools, such as lesson plans, that do not contain any personal details. We are aware that some personal or sensitive data is among the information stolen by criminals,” the Council noted.

A risk assessment has been carried out on any potential child protection issues at each of the schools affected, with appropriate action taken if required.

There is no evidence that highly sensitive data such as confidential pupil records, financial details for payments made to schools and social work records have been affected by the breach.

The Council had earlier revealed that its education network had been hit by a “sophisticated cyber-attack” on May 6, impacting IT systems used by its 13 secondary schools, 69 primary schools and 61 nurseries.

It isolated this network from the rest of its IT infrastructure to prevent further infiltration.

In the latest update, the authority said that its education network remains separated from the rest of its system, including corporate and public access networks.

It is working with Police Scotland and the Scottish government to investigate the incident.

Work has been undertaken to minimize disruption to education, including exams. Current contingency plans are expected to continue until the end of the current school term.

“We would like to offer our sincere apologies to anyone potentially affected by this criminal cyber-attack,” the Council said.

Interlock Gang Claims Attack, Posts Data Online

The attack has been claimed by the Interlock ransomware group, which has added West Lothian Council to its data leak site.

It alleges to have stolen 2.63 TB of data, which includes 3,349,196 files and 580,783 folders.

An analysis by Comparitech observed that the proof pack contains images of passports, driver’s licenses and various other documents.

The research firm said it has tracked 16 confirmed attacks by the group since October 2024, with government entities and education providers frequently targeted.

This includes an attack on Texas Tech University Health Sciences Center (TTUHSC) in September 2024, which compromised the personal and medical information of 1.4 million individuals.