Cyber Incident

On Thursday 12th September 2024, the website and email hosting company used by the Mull of Galloway Trust detected a breach on one of their servers.

Upon investigation, they discovered that an unauthorised third party had tried and failed to gain access to the Trust’s holiday cottage booking system.

The hosting company immediately took action to contain the breach, and no further unauthorised logins were detected. The incident was reported to the Information Commissioner’s Office and the National Cyber Security Centre.

The Trust also acted swiftly, following the recommended advice from Cyber Scotland as well as changing login details on all digital accounts immediately.

The hosting company have analysed their data logs for all their clients affected and concluded that the attack appeared to be financially motivated, with attempts to reset passwords to payment gateways through compromised email accounts.

The Trust had one email address involved in the incident (an unpublished address used solely for cottage booking administration) and the hosting company have provided detailed logs showing the activity during the attack which lasted about half an hour. Their conclusion, as well as that of an independent IT expert, is that there is no evidence that any personal data has been accessed or downloaded.

There is no evidence either that they accessed any of the email addresses used by Trustees, staff or customers, or that they gained access to either of the Trust’s websites.

The email accounts for info@lighthouseholidaycottages.co.uk and info@mull-of-galloway.co.uk were not involved in the security breach at all.

As an additional precaution, the Trust’s websites and all email accounts are being transferred to a new server.

The Mull of Galloway Trust take security very seriously and if you have any concerns about this incident, you can contact them on info@mull-of-galloway.co.uk or call 01776 980090.

Alex Peebles
Chair, Mull of Galloway Trust