In 2021, according to Identify Theft Resource Center, there were 1,862 data breaches worldwide, a 68% increase from the year before, with 1,108 data breaches occurring in 2020.

As Scottish Cyber Security consultants, we thought it would be a good idea to explore some of the recent Scottish data breaches that have made their way to the news.

HIV ScotlandEmail Leak

A data breach that occurred in Scotland last year, which easily received the most media attention, involved the Scottish charity ‘HIV Scotland’ who work toward improving the lives of Scottish citizens living with HIV.

An email that contained the personal details of dozens of people connected to the charity was sent out to 105 people. Included in the email’s recipients were patient advocates representing HIV patients in Scotland.

This case gained a lot of media attention due to the sensitive nature of the leak. The victims of the data breach were the very people the charity was built to help and protect.

The HIV Scotland data breach resulted in a fine of £10,000 being issued by the Information Commissioners’ Office (ICO), with HIV Scotland’s interim chief executive, Alastair Hudson stating:

“As an organisation, HIV Scotland would like to re-iterate its commitment to providing a safe and supportive space where our stakeholders and networks can contribute to better health and wellbeing for those impacted by HIV and improving sexual health for all.”

HIV Scotland have publicly stated they’ve taken “robust steps” to improve their cyber-security.

Brechin High SchoolCyber Attack

In June of 2021, while the students at Brechin High School prepared for their summer holidays, a “serious cyberattack” resulted in a data breach containing sensitive information of pupils was released.

The data that was extracted included details of the student’s mental health struggles and their learning difficulties, over 1,800 emergency contacts, and an excel spreadsheet of their recent exam results.

However, what’s worse than one data breach…? Two!

That’s right… Brechin High School was victim to another data breach in 2019. The leak, again, involved the sensitive information of pupil’s that suffer from learning difficulties, in which the breached data was revealed during a presentation at the school.

According to The Courier, Police Scotland stated that investigations were ongoing. However, we’re unable to find any information regarding the outcome of said investigation.

The Scottish Environment Protection Agency (SEPA)Cyber Attack

The attack on SEPA’s communication systems occurred at 1 minute past midnight on Christmas Eve, 2020. During the ransomware attack, an estimated 1.2 GB of data was breached, which included around 4,000 files. SEPA confirmed that the stolen information has now been published online, by whoever conducted the attack.

Due to the sophistication of the attack, Police Scotland made a statement that they suspect a well-organised, international cybercrime group to be responsible for the extortion attempt.

A report by the Scottish Business Resilience Centre (SBRC) included evidence that the cybercrime group had made a second attempt to attack SEPA’s systems, while they tried to recover the stolen data.

The report stated, “This attack displayed significant stealth and malicious sophistication with a secondary and deliberate attempt to compromise SEPA systems as the team endeavoured to recover and restore back-ups.”

SEPA described the attack to be a “hideous, internationally orchestrated crime which impacted our organisation, our staff, our public and private partners” giving the public an insight on the serious effect these cyberattacks can have on an organisation.   

Unfortunately, little information has been revolved about the “international group” behind the attack.

How Ascent Cyber Can Help!

Fortunately, our specialist team can help improve your business’ cybersecurity.

Our Cyber Essentials and Cyber Essentials Plus service will help you prepare for a cyberattack and reduce the likelihood of your business being included in a blog like this one. If you’re interested, you can contact us for a free cyber security consultation today.

Alternatively, you can educate your workforce in the skills required to protect your business from cyberattacks in the ever-evolving digital world with our comprehensive and in-depth Cyber Defence Staff Training programme.