A cyber security expert fears that hackers who carried out a cyber attack on Glasgow City Council may have been attempting to harvest personal data for identity thefts.
Dr Omair Uthmani, who leads programmes on networking and security at Glasgow Caledonian University, believes that identity theft is a “big concern” following the attacks on June 19, and that pensioners are “particularly vulnerable”.
Several council services remain offline more than a week after the “malicious” attack was identified. The council has not yet confirmed that data has been removed, but says that it is operating on the assumption that customer data relating to the currently unavailable pages has been stolen.
Identity theft a “big concern” in council cyber attack
Dr Uthmani researches digital security, secure information sharing, malware investigation, and identity and privacy in the digital age. He says public bodies are more vulnerable to cyber attacks as they don’t have access to the resources corporate entities spend on cyber security, leading to attacks widely across the public sector.
“We’re seeing primary schools being targeted. These are institutions that don’t generally have large amounts of funds available, and because of that, it leads us to believe that it’s not the financial data that is being targeted here, but personally identifiable information.
“Glasgow City Council has quickly told us that their financial systems are up and running and have not been compromised, so that suggests that it’s personally identifiable information that has been compromised. The biggest threat with that is that, if you have a username or password compromised, you can easily change that; but you can’t change your first name, last name, telephone number, address and things along those lines.
“Typically, that’s the type of data you use when you’re signing up for online subscriptions. Identity theft would be a big concern for people affected.”
Pensioners are “particularly vulnerable” after attack
Dr Uthmani warned that the hack may have compromised the personal data of people in receipt of their pensions, a demographic that is “particularly vulnerable” to phishing attacks by scammers pretending to be from a person’s bank or other businesses they interact with.
He said: “The council still hasn’t confirmed this, but if that data has been taken, then you have a very rich data set of people in receipt of their pensions that might be a good demographic to go after.”
Treat unusual calls, texts and emails with suspicion
Dr Uthmani warns that, if personal data has been stolen, the people affected might receive scam calls, texts, letters and emails. He urged Glaswegians to exercise extra caution in the coming months.
Dr Uthmani said: “One of the things the council will do, once they’ve narrowed down their investigation, is let people know if their data has been exfiltrated. Assuming the data has been exfiltrated, you will usually see it being used in the next first months.
“So, in the next few months, if you are receiving unusual calls, emails, letters and so on, being a little more pro-active and suspicious is a healthy response to that. Other than that, there is really very little we can do about it; it’s the data custodians who need to make sure that systems are more robust, which I assume they are probably doing.”
Hacking is now “a lot easier”
Dr Uthmani says the greater prevalence of cyber attacks on public sector bodies in the UK stems from an increase in the data held online as we become a more data-centred society. He adds that it is now easier for people without hacking skills to carry out attacks.
He said: “One of the hacking groups has diverted from being a group that launches attacks to one that provides their tools as an off-the-shelf product to others. We have seen groups without the technical expertise that hackers would generally have. It has become a service architecture.
“It has become a lot easier. You now don’t have to develop tools and expertise in that area, you can just purchase them, and in some instances rent them, to launch attacks.”
Figures released by the UK government this month show that four in ten businesses and three in ten charities have been hit by cyber attacks in the last twelve months.
Proactive response to the cyber attack was “quick”
In May 2024, GCC announced that it was transferring its IT services to a supplier called the CGI group, which Dr Uthmani describes as a “mature player” in the IT services industry. “That shows, because very quickly after the hack happened, they were able to detect what they called an ‘unusual’ movement of data,” Dr Uthmani said. “In the past, larger organisations have been hacked and they haven’t detected it for months.
“This was quite a quick turnaround for detection, and the multi-agency response seems to be something that had already been planned in the event that something like this would happen.
“It indicates to us that this is a more mature response from public sector organisations. “
Dr Uthmani said the quick detection and pre-planned multi-agency response gives him cause for hope, adding: “The multi-agency response has happened very quickly, the council has told the public very quickly, and they have proactively taken a lot of these services offline.
“I assume that, once they have narrowed-down their investigation, they can bring these up quite quickly. That’s because the council has CGI and its subcontractors, and if you have an organisation that has some maturity in this area, these are the responses you would expect.
“We’re seeing much better responses and more robust systems from the public sector.”
What the council says
In a statement, the council said: “Glasgow City Council is currently being impacted by a cyber incident which is disrupting a number of online services and which may have involved the theft of customer data. Early in the morning of Thursday June 19 2025, the council’s ICT supplier CGI discovered malicious activity on servers managed by a third-party supplier.
“We are conducting an investigation into the incident, alongside Police Scotland, the Scottish Cyber Coordination Centre (SC3) and the National Cyber Security Centre. In the meantime, taking affected servers offline has disrupted a number of our day-to-day digital and online services.
“Glasgow City Council apologises for the anxiety and inconvenience this incident and the necessary response to it will undoubtedly cause.”
“At this stage we can’t confirm whether data has actually been removed and, if so, what that data is. As a precaution, we are operating on the presumption that customer data related to the currently unavailable web forms may have been exfiltrated, and we have contacted the Information Commissioner’s Office (ICO) on this basis.
“No council financial systems have been affected in this attack and no details of bank accounts or credit/debit cards processed by those systems have been compromised.
“Until such time as we can ascertain if data has been stolen, and what this may be, we advise anyone who has used any of the affected forms to be particularly cautious about contact claiming to be from Glasgow City Council.”
Sign up to our daily Glasgow Live newsletter here to receive news and features direct to your inbox
Join Glasgow Live’s WhatsApp community here and get the latest news sent straight to your messages.