The local authority for Scotland’s largest city announces that  ‘forensic examination’ of the affected infrastructure has now been completed, with initial presumptions of exfiltration not yet having been borne out

Following a recent cyberattack, Glasgow City Council has revealed that no evidence has yet emerged to suggest that any data held by the authority was stolen or encrypted during the incident.

When it revealed the discovery of the attack almost a month ago, the council indicated that a number of services had been taken out of action as a result. Glasgow also said that it was “operating on the presumption” that citizen data could have been stolen during the assault.

In a subsequent update announcing that “a forensic examination of the affected servers by independent experts is now complete”, the council appeared to have better news for Glaswegians worried about their information.

“We are awaiting a full analysis of this work – however, as things stand, investigations have not found any evidence of data being encrypted or exfiltrated,” the update said. “No council financial systems have been affected in this attack and no details of bank accounts or credit/debit cards processed by those systems have been compromised.”

Related content

• Glasgow Council: ‘This is not a technology strategy, and cannot be delivered by technology alone’
• West Lothian Council says personal data stolen in cyberattack on education network
• Glasgow unveils strategy for digitally excluded households

Despite this, the council is “still advising anyone who has used any of the affected services to be particularly cautious about contact claiming to be from Glasgow City Council [and], if you are contacted by someone claiming to have your data, you should contact Police Scotland”, the authority’s latest update added.

A range of online services were reported to have been impacted by the fallout from the cyberattack, including the likes of platforms for planning applications, the payment of parking fines, reporting school absences and ordering official certificates.  

There has been some progress in restoring these services, but work is ongoing, Glasgow indicated it is latest update.

“Early in the morning of Thursday 19 June 2025, our ICT supplier CGI discovered malicious activity on servers managed by a third-party supplier,” the authority said. “We acted quickly to isolate these servers, protecting our wider network – but taking them offline has disrupted a number of our day-to-day digital and online services. We are conducting an investigation into the incident, alongside Police Scotland, the Scottish Cyber Coordination Centre and the National Cyber Security Centre. In parallel, we are working to recover the services that have been taken offline on new servers, when it is safe to do so – with some of the highest priority applications now back in use. We are sorry that this incident will have caused real anxiety to people who have used our online services – and frustration for those unable to access those services now.”