The Scottish Environment Protection Agency (SEPA) has been dealing with an ongoing data breach and ransomware attack since Christmas Eve 2020. The agency previously confirmed the theft of around 1.2 GB of data or around 4,000 files.

The files include business and staff information, some of it already publicly available and some of it internal, though the agency says it may never know the full details of the breach. While the cyberattack and ransomware is still currently active, SEPA has told reporters that it will not engage with criminals or use public funds to pay for the ransomware.

Some of the information stolen from the agency has since been published online, but Scotland Police have told individuals and organizations not to search for it, as accessing the host site may place their computer infrastructure at risk.

"We are continuing to respond to the ongoing ransomware attack likely to be by international serious and organized cyber-crime groups. The matter is subject to a live criminal investigation," the agency said on its website.