Glasgow City Council warns of parking scam messages amid ongoing cyber incident

Glasgow City Council has issued a warning over scam parking fine messages amid an ongoing cyber security incident that has affected a number of online services.

Earlier this week the local authority said its ICT supplier CGI discovered “malicious activity” on servers managed by a third-party supplier on Thursday June 19.

The council said it made the decision to take affected servers offline while investigations are carried out, which has has disrupted a number of its day-to-day digital and online services.

These include viewing and commenting on planning applications and paying penalty charges for parking or bus lane contraventions, while some online diaries and calendars not available, such as bin collection schedules.

On Friday evening the council said it had become aware of “suspicious messages” being sent to some people in the city and the wider region, directing recipients to pay outstanding parking fines online.

It said it was investigating these texts “as a matter of urgency”, and that details of the messages had been shared with police and national cyber security teams assisting them.

The local authority made clear that it does not use text messages to chase the payment of parking fines, and that it would never call, email or message someone asking for their bank details.

The council said if anybody does need to pay a parking penalty, they should do so by calling the number displayed on the penalty charge notice (PCN).

In a statement earlier this week a spokesperson for the council said they “can’t confirm” whether any data had been stolen in the incident.

It went on: “As a precaution, we are operating on the presumption that customer data related to the currently unavailable web forms may have been exfiltrated, and we have contacted the Information Commissioner’s Office on this basis.

“Until such time as we can ascertain if data has been stolen, and what this may be, we advise anyone who has used any of the affected forms to be particularly cautious about any contact claiming to be from Glasgow City Council.

“Glasgow City Council apologises for the anxiety and inconvenience this will undoubtedly cause.”

The council said that they “can’t totally discount” that the scam messages involve stolen data but that the “early indications” are that it is either the work of opportunistic criminals, or a more widespread scam.

The local authority added that no financial systems have been affected and no details of bank accounts or credit/debit cards processed by those systems have been compromised.

Police Scotland are involved in investigating the cyber incident, along with the council, the Scottish Cyber Co-ordination Centre and the National Cyber Security Centre.

It is the third time in recent months that a local authority has been hit by a cyber attack, after Edinburgh and West Lothian councils were targeted in May.

Anyone contacted by someone claiming to have their data is advised to contact Police Scotland on 101 or call the Cyber Incident Response Helpline on 0800 1670 623.