Highlands and Islands Airports (Hial) has been hit by an email “phishing” attack which has resulted in complaints from people whose contact details were taken in the online scam.
A document released by the Scottish Government-owned airport operator revealed that the attacker had obtained contacts, but not company or personal information “as far as Hial can establish.”
Last night the organisation, which runs 10 terminals around the Highlands and Island and northern isles and Dundee Airport, declined to say how many people had been affected, but said it was continuing to update its IT practices and software to prevent further attacks.
The cybercrime of phishing involves attempts to acquire private or sensitive information from personal computers for use in fraudulent activities. It is usually done by sending emails that appear to come from credible sources.
The attack on Inverness-headquartered Hial, was revealed in minutes of a meeting of its board, held at Dundee Airport earlier this month.
The document records a report to the group by Hial’s data protection officer, Liz Taylor, part of which has been redacted under a Freedom of Information rules covering disclosure of material that would prejudice the commercial interests of an organisation.
It said: “Ms Taylor provided an update on the data breach that was reported to the regulator, this was not as serious as first thought as there was not much information in the email box breached. The person(s) who breached that email box managed to get access to contacts but not company or personal information as far as Hial can establish.”
Following a redacted section, the minute continued: “A number of complaints have been received by Hial and Ms Taylor suggested including data breach complaints in her usual report to the board each quarter.”
>> Keep up to date with the latest news with The P&J newsletter
She also told the meeting that each person affected by any Hial data breach would be contacted individually and details of how to make a complaint were available on the organisation’s website.
The minute noted that Hial’s interim chairwoman, Lorna Jack, was “comfortable that Hial has covered this risk and taken reasonable steps to resolve and prevent such incidents.”
Last night a Hial spokesman said: “Our IT team detected a phishing attack – an attempt to fraudulently obtain data.
“On this occasion an email inbox was compromised but contained limited information. We continue to update IT practices and associated software to ensure such attacks can be prevented.”
He declined to give any further details.