Monday, 22 February 2021 10:28

Scottish Environment Protection Agency cyber attack – up to a year before full recovery

The Chief Executive of the Scottish Environment Protection Agency (SEPA) has said it could take more than a year before its systems are fully restored, according to a report in The Times newspaper this morning.


Terry A’Hearn told the newspaper it could be “well into 2022” before its systems are restored fully, although it has made a partial recovery in some areas.

The Scottish Environment Protection Agency first confirmed on Christmas Eve 2020 that it was responding to a significant cyber-attack affecting its contact centre, internal systems, processes and communications after learning that 1.2 GB of data (information) had been stolen by an international cyber-crime group.

At a later date SEPA learned that the information amounted to just over 4,000 files. On 21 January 2021 the Agency then learned that the information stolen had been published online illegally following the environmental watchdog’s refusal to pay a ransom.

Cyber security specialists identified the theft of circa 1.2 GB of data despite systems being certified to UK Government security standards.

SEPA has separately said it “will not engage with likely international serious and organised criminals intent on disrupting public services and extorting public funds.”

Continuing live criminal investigation – “complex and sophisticated criminality”


The attack is subject to a continuing live criminal investigation – SEPA’s Emergency Management Team is working with Scottish Government, Police Scotland and the National Cyber Security Centre to respond to what is described as “complex and sophisticated criminality.”

This week the Agency published the third in a series of weekly service status updates in response to the Christmas Eve cyber-attack which it says continues to “significantly impact” the agency’s organisation and infrastructure, including its internal systems and services.

Terry A’Hearn, Chief Executive of SEPA, said:

“Whilst confronted by a sophisticated criminal cyber-attack we’ve been clear that we won’t use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds.

“Sadly cyber-crime is an increasing challenge for Scotland’s businesses and public sector partners and service recovery takes time. Whilst, for the time being, we’ve lost access to our data and systems, what we haven’t lost is the expertise of our 1,200 staff. Since Christmas Eve, teams across the agency have been working flat-out to restore our services as quickly as possible. We’ve made good progress in the first few weeks and we’re already seeing more come back online.

“We’re issuing weekly updates on our recovery and service status to be clear on what those we work with can expect and how we’ll prioritise progress and we’re continuing to speak with and listen to regulated businesses and other stakeholders.”

SEPA’s email systems, staff schedules, some data products and reporting tools remain impacted and offline. Information submitted to SEPA since Christmas Eve, including by email, is not currently accessible. “For the time being we’ve lost access to most of our systems,” the status update says.

Data published online may have included personal data of staff, customers and suppliers

The information that was published online may also have included some personal data of SEPA’s staff, customers and its suppliers.

SEPA has disconnected its IT systems to avoid any further unauthorised access. However, the status update says:

“Unfortunately, we’re unable to take down the information that is already online.”

“We’re working hard to assess the large amount of information that was published online. Should we need to notify anyone whose information is impacted we will do so as soon as possible in accordance with data protection law.”

“It is important for us to be clear that this is a sophisticated criminal cyberattack that has had a major impact on the way SEPA works. While we have already achieved a lot in the first month, it is likely to take many months to fully recover our capacity to do all of our work.”

As a first step the Agency said it had already moved to restore critical services including:

  • Delivery of nationally important flood forecasting and warning products, with flood alerts and warnings being issued within 24 hours of the attack;
  • Contact centre and some web self-help services have been restored, including SEPA’s Floodline, 24 Hour Pollution Hotline and environmental event online reporting; and
  • Maintained its ability to respond to significant environmental events

 
