Information on thousands of environmental checks and pollution breaches over 15 months has been permanently lost because of a cyber attack, according to the Scottish Government’s green watchdog.
The Scottish Environment Protection Agency (Sepa) has admitted that it cannot recover information from its national monitoring, compliance and enforcement databases in 2019 and 2020 because “information no longer exists”.
Sepa also disclosed that data on inspections and enforcement actions against polluters had been lost from staff computers.
Campaigners warned that Scotland’s environment is now suffering because Sepa is “completely gutted, destroyed and incapable of functioning”. They have called for Scottish ministers to take action to ensure the environment is protected.
One former Sepa boss described the lost databases as a “disaster”, suggesting that “chancers and criminals” could have been given “a free pass”. Large parts of Sepa’s work had been “undoubtedly crippled”, said an expert.
Sepa stressed that recovering from organised cyber crime was “challenging and complex”. It said it was “confident that we’ll recover the most important environmental data”.
The revelations come in the wake of a report by Audit Scotland on 1 February saying that the cyber attack meant £42 million of Sepa’s income couldn’t be verified. Sepa also had to write off £2 million in fees due to lost records.
The attack against Sepa’s computers was launched on Christmas Eve 2020 by an international criminal gang known as Conti, which has reportedly attacked more than 400 organisations worldwide. It demanded a ransom, which Sepa refused to pay.
Picture: Pollution on the banks of the River Leven at Renton, Dunbartonshire.