Further information - unauthorised email access September 2024

Unauthorised access to eight emails in one Perth and Kinross Council user account was identified on 24 September 2024. This may have included limited access to some invoicing details, including bank account and sort code numbers, for some individuals and companies who supply services to Perth and Kinross Council and some customers of our commercial waste services. Individuals who have been affected will be contacted directly, in the meantime we have compiled a list of questions and answers which may be useful.

For further information about protecting yourself from spam emails or phishing attacks visit the Get Safe Online website.

What information was affected?

Names, bank account numbers and sort codes.

Do hackers have my address?

No, no addresses were in any of the information affected.

Can they buy things online with my account?

No, this would require additional information, such as a card number, expiry and CVV number.

Can they get into my bank account?

No, this would require significantly more information and authentication methods specific to you.

Do I need to change my bank account or notify my bank?

No, there is no requirement to do this. In general, we would recommend you contact your bank if you see suspicious transactions on your account, but that is general advice not specific to this incident.

What if I want to change my bank account anyway?

That is your choice. However, please be aware that just as our robust financial checking processes prevented further damage from this attack, you may need to go through additional verification to ensure that you are legitimately asking for the Council to change your payment details following a change of bank account. This is to protect your payments from being changed fraudulently.

What's the worst thing they could do with this information?

This information could make a scammer seem more believable if they were trying to convince you that they were the Council or another entity that might have your bank account details. This is why it is important to remain vigilant of suspicious or unexpected emails, and check anything that doesn't seem quite right with your usual Council contact. If anything seems strange in an email, don't click links or open attachments, or follow instructions in the email, until you've verified it with your usual contact. Any the Council emails will come from @pkc.gov.uk addresses and will usually be through your usual Council contact. If you have any questions or concerns, please don't hesitate to check that out, whether that's saying it's coming from the Council or any other entity. If you are worried you have clicked on something, check with the person or company involved, and notify your bank if you believe you have provided payment details.