
Cyber criminals have stolen “personal or sensitive” data during a ransomware attack on West Lothian Council’s education network, the local authority has confirmed.
The council is contacting parents or carers at every school as well as education staff to inform them of the theft and provide advice.
It said most of the stolen data related to operational issues such as lesson planning, but officials have now established that some personal information was also taken.
Confidential pupil records, financial data and social work records are stored on different systems, but officials said they could not rule out the possibility that medical or social work information has been stolen by the criminals.
Scotland News understands a group called Interlock has claimed it is behind the attack.
Such groups operate by using malicious software to encrypt an organisation’s files, then demand a payment with a threat to publish the material online if no ransom is paid.
The council was alerted two weeks ago to a suspected cyberattack affecting IT systems used by its 13 secondary schools, 69 primary schools and 61 nurseries.
The education network was quickly isolated from the rest of the council’s computer systems, and it said there was no evidence these other systems were affected.
It’s understood the council was made aware of the sensitive data stolen after being alerted to a scanned passport online.
It is not known if the passport was for a child or adult.
Schools have remained open with contingency plans minimising disruption to education including SQA exams.
Police Scotland and other external agencies are investigating the attack.
In a new update, West Lothian Council said: “It has now been confirmed that a small percentage of the overall data stored on the education network has been stolen.
“We are aware that some personal or sensitive data is among the information stolen by criminals.”
The council said less than 10% of all data from the server has been stolen.

The council urged people to be vigilant in case the stolen data was used for further criminal activity such as phishing attacks or other scams.
Changing passwords and making sure the new ones are strong and unique is also recommended.
Parents are asked not to contact schools directly or the council’s customer support line, but are instead being referred to the cyber and fraud hub for more advice.
The cyber attack on West Lothian Council is among a wave of attacks on businesses in recent weeks including major retailers such as the Marks & Spencer, the Co-op and Harrods.