Comhairle nan Eilean Siar Cyber-Attack
The criminal investigation into the cyber-attack on Tuesday 7 November is ongoing and accordingly there are still many questions to be answered. There are also restrictions on what can be said at this time. This Q and A is a live document that will be updated as and when the investigation allows.
What has happened?
Comhairle nan Eilean Siar experienced a criminal cyber-attack on Tuesday 7 November.
How did this happen?
The full details around this incident are not yet known. Investigations are ongoing to establish exactly how this incident occurred.
How has this incident impacted the Comhairle?
The interim results of the forensic investigation following the cyber-attack on Tuesday, 7 November, has established that data stored on Comhairle nan Eilean Siar’s operational and backup servers cannot be accessed.
Is public information safe?
The Comhairle is working with Police Scotland, Scottish Government and the National Cyber Security Centre to establish the impact of this incident on the public. This is an ongoing investigation into a criminal act. Updates on the incident can be found on a dedicated page of the Comhairle’s temporary website: Cyber Updates.
There is currently no indication that any data has been extracted from the server or published, Comhairle nan Eilean Siar will communicate with the public and those affected if this situation changes.
What is the Comhairle doing about it?
The Comhairle is engaging with experts as the investigation into the impact of this incident continues. The Comhairle has established an Incident Management Team which will work to meet the Comhairle’s key priorities. The key priorities at this stage are:
- To identify if any information has been extracted from the server and inform those impacted.
- To rebuild operations and ensure the continued delivery of services to those in our community that need them most.
Is the Comhairle delivering services?
Yes. Despite the ongoing disruption the Comhairle is delivering most services. Updates on services can be found on the Comhairle’s website.
How can the public contact the Comhairle?
Comhairle nan Eilean Siar is asking members of the public to use email to make all general enquiries. Following the cyber-attack on 7 November the Comhairle has implemented a temporary phone system. While functional, the temporary system is not designed to handle a high numbers of calls.
An enquiry form is available on the Comhairle’s temporary website alongside a list of useful emails for frequently used services.
For individuals unable to use email, general enquiries can still be made over the phone by calling customer services on 01851 600501.
Is it safe to email the Comhairle?
Additional security measures have been put in place on the Comhairle email system. Many organisations are happy that these measures make email communication with Comhairle nan Eilean Siar safe.
When will the Comhairle have a fully functional website?
The Comhairle has set up a temporary website with key public information and a secure payment service. With this temporary website in place the Incident Management Team will now work alongside the Comhairle’s IT team to establish timescales for going live with a fully functional website.
Is it safe to make payments to the Comhairle?
Yes. The payment system we use is handled by capita who are fully PCI DSS compliant. The council doesn’t process payments internally. The payment link on the new site hands of to capita and they process the payments.
Capita Security Statement
All online card payments are protected by Transport Layer Security (TLS), as recommended by the Payment Card Industry Security Standards Council and are directly processed using the Pay360 by Capita service.
Capita’s online payment management solutions are independently and rigorously security assessed,and are certified by Visa and MasterCard as a Payment Card Industry Data Security Standard (PCI DSS) Level 1 payment processor.