An environmental regulator in Scotland has confirmed that at least 4,000 files have been accessed and likely stolen by criminals in an ongoing cyberattack on its systems.

The Scottish Environment Protection Agency (SEPA) said 1.2GB of data was stolen, including information not publicly available. SEPA also said this week that it believed the attack, which began on Christmas Eve, was “likely to be by an international serious and organised cyber-crime group”.

The full detail of the data accessed is not known, but it is understood to have included permits, authorisations, site notices, corporate business documents, procurement and project information and personal information about staff.

SEPA has now established a team to identify specific data that has been lost and to contact individual organisations and businesses affected.

“We have prioritised our legal obligations and duty of care on the sensitive handling of data very seriously” said Terry A’Hearn, Chief Executive of SEPA.

A number of internal systems, including email, remain offline to protect security and the investigation, but it says priority regulatory services continue to operate. Some systems may need to be replaced entirely as a result, SEPA says.

 A’Hearn, said: “While having moved quickly to isolate our systems, cyber security specialists, working with SEPA, Scottish Government, Police Scotland and the National Cyber Security Centre have now confirmed the significance of the ongoing incident. Partners have confirmed that SEPA remains subject to an ongoing ransomware attack likely to be by international serious and organised cyber-crime groups intent on disrupting public services and extorting public funds.”