FOI Request Cyber Attacks Last 3 Years at Moray Council

Request 101001500725

I would like to make a Freedom of Information request relating to cyber attacks to your organisation
By cyber attack I am referring to the unauthorised access or deliberate disruption of a computer system or a device.
Types of cyber attack could include, but are not limited to: ransomware, denial of service, phishing and spear phishing etc
By data, I am referring to any information held on your computer systems or devices
Please could you answer the following:-

1. Does your organisation keep an incident log of cyber attacks?
2. How many cyber attacks - attempted and successful - were recorded against your organisation in the last three financial years, year-by-year (ie 2014/15, 2015/16, 2016/17)?
3. Where cyber attacks were successful, what kind of data and what amount of data, if any, was lost or stolen? Was it confidential?
4. For each case, please confirm:- the type of attack (eg ransomware, denial of service etc)
What demand, if any, was made to resolve the attack? Did the organisation comply?
Whether the attack was reported to police or other responsible authority? Was the attacker traced/convicted?

Response 05-06-2017

1. Yes

2. This information is exempt under section 25 of the Freedom of Information (Scotland) Act 2002- Information Otherwise Accessible. for ease of use please find it on the Moray Council website at the following links:

FOI Request Cyber Security Breaches - The Moray Council

FOI Request - Cyber Attacks - The Moray Council

3. Not applicable

4. Not applicable