A cyberattack on Glasgow City Council is causing massive disruption with a slew of its digital services unavailable.

The local authority has confirmed the attack started on June 19 and attributed it to a [1]supply chain issue involving a third-party contractor's supplier.

A council statement said: "Early in the morning of Thursday 19th June 2025, the council's ICT supplier CGI discovered malicious activity on servers managed by a third-party supplier.

[2]

"We are conducting an investigation into the incident, alongside Police Scotland, the Scottish Cyber Coordination Centre (SC3) and the National Cyber Security Centre.

[3]

[4]

"In the meantime, taking affected servers offline has disrupted a number of our day-to-day digital and online services.

"Glasgow City Council apologises for the anxiety and inconvenience this incident and the necessary response to it will undoubtedly cause."

[5]

The council said it can't yet confirm whether data has been exfiltrated from its environment, but is operating on a precautionary basis as though it has.

Online forms and calendars dominate the list of services that remain unavailable to locals. According to the council's [6]website , the following are down at the time of writing:

Application for Footway Crossing (dropped kerbs)

Bin Calendar

Certificate Online (births, deaths, marriages)

Comments and Compliments

Complaints

Council Diary

Elections

FOI Requests

Future Processions

Glasgow Film Office Location Library

Permits

Planning Enforcement

Planning Statutory Enforcement

Public Processions

Pupil Absence

Sign Language Interpreter Service (SLIS)

Taxi Complaints Form

Glasgow City Council said it contacted the UK's data protection watchdog on the basis that the suspected stolen data was taken from these web forms, and it warned customer data may be included.

No financial systems were compromised, it added, and any banking data can be considered safe.

The additional digital services that remain unavailable to residents include access to the council's planning portal, payment and appeals portal for parking tickets, pension management, registrar appointment booking, and callback appointment scheduling from the revenue and benefits department.

[7]

All of the above services remain unavailable due to defenders isolating systems, the council said, and not because of the attack itself.

Acknowledging the anxiety that residents may be feeling, the council warned them to be wary of potential phishing attacks using the data that may or may not be stolen.

"Until such time as we can ascertain if data has been stolen, and what this may be, we advise anyone who has used any of the affected forms to be particularly cautious about contact claiming to be from Glasgow City Council," it said.

[8]Qilin ransomware attack on NHS supplier contributed to patient fatality

[9]That WhatsApp from an Israeli infosec expert could be a Iranian phish

[10]Supply chain attacks surge with orgs 'flying blind' about dependencies

[11]French cybercrime police arrest five suspected BreachForums admins

Locals were also urged to report any attempted cybercrime to Police Scotland on the non-emergency 101 line, and consult the National Cyber Security Centre's guidance on managing data breaches for individuals and families.

Confirmed victims of financial fraud should get in touch with the Cyber and Fraud Hub, a nonprofit advisory service supported in part by the Cyber and Fraud Centre – Scotland.

"Security specialists reviewing this incident have confirmed that it was not caused by email," the council added.

"Email communication with the council remains safe – although, as always, you should be suspicious of any email which asks you to provide bank account details, passwords, or other secure information. The council will never ask you for details like that by email."

A CGI spokesperson told The Register : "CGI is working closely with Glasgow City Council and the relevant authorities on this incident. We take our cybersecurity obligations seriously and have robust protocols in place to identify, investigate, and remediate incidents to support business continuity for our clients."

Last month, Scotland's West Lothian Council said [12]it too was battling a cyberattack . Like Glasgow council, it did not reveal the nature of the intrusion, although the Interlock ransomware group swooped in to take credit.

The local authority for the region that borders Edinburgh, around 30 miles from Glasgow, said the attackers stole data belonging to schools, but the impact on exam delivery was said to be minimal.

Oxford City Council was the most recent authority in England to [13]confirm a breach when last week it revealed crooks had made off with 21 years of local election workers' data.

It is the latest of a long line of local authorities and public sector organizations in the UK to suffer IT disruptions in recent years, be it through suspected [14]streetlight-dimming ransomware , [15]freak electrical faults , or [16]sneaky insiders . ®

Get our [17]Tech Resources



[1] https://www.theregister.com/2025/06/25/supply_chain_attacks_hammer_organizations/

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aF1umWalzlvzusCQbemQmwAAApQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aF1umWalzlvzusCQbemQmwAAApQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aF1umWalzlvzusCQbemQmwAAApQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aF1umWalzlvzusCQbemQmwAAApQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://www.glasgow.gov.uk/serviceimpact

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aF1umWalzlvzusCQbemQmwAAApQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[8] https://www.theregister.com/2025/06/26/qilin_ransomware_nhs_death/

[9] https://www.theregister.com/2025/06/26/that_whatsapp_from_an_israeli/

[10] https://www.theregister.com/2025/06/25/supply_chain_attacks_hammer_organizations/

[11] https://www.theregister.com/2025/06/25/paris_police_claim_arrests_of/

[12] https://www.theregister.com/2025/05/22/west_lothian_school_ransomware/

[13] https://www.theregister.com/2025/06/20/oxford_city_council_breach/

[14] https://www.theregister.com/2024/04/23/leicester_streetlights_ransomware/

[15] https://www.theregister.com/2025/03/19/nottingham_outage_sitrep/

[16] https://www.theregister.com/2024/02/20/insider_steals_79000_email_addresses/

[17] https://whitepapers.theregister.com/