A ransomware attack on West Lothian Council’s education network in the UK has resulted in the theft of personal and sensitive data, the council has confirmed. While most stolen data relates to operational matters like lesson planning, officials now acknowledge that some personal information may also have been taken. This could potentially include medical or social work data.

The suspected cybercriminal group Interlock has claimed responsibility. Their tactic involved encrypting data and threatening to leak it unless a ransom is paid. A scanned passport discovered online first alerted the council to the breach, which affected IT systems in 13 secondary schools, 69 primary schools, and 61 nurseries.

The council is not ruling out future misuse of the stolen information, with up to 10% of data stolen. Parents, carers, and staff are being informed and advised to remain vigilant, particularly against phishing scams, and to change passwords. The Scottish Cyber Coordination Centre and Police Scotland are investigating, with support from the Scottish government.

This attack highlights the urgent need for robust network and endpoint monitoring, ransomware resilience, and vulnerability scanning across public sector systems. Educational institutions often hold highly sensitive data, and failing to detect or mitigate intrusions swiftly can endanger student safety and public trust. Proactive defense — not reactive containment — must be the norm in today's threat landscape. Read more about this story on our LinkedIn page