Edinburgh city council was the victim of a “malicious cyber attack” late last month, which led to the theft of more than 13,000 email addresses.
The cyber attack was targeted at a service provider based in England that hosts the council’s website.
Owners of the compromised email addresses have been warned of a potential increase in spam or phishing emails.
They’ve also been assured that no other personal details were accessed.
A council spokeswoman said: “This was a malicious cyber attack on the council’s website which is hosted in a UK data centre. It was dealt with swiftly and at no point were any council services affected.
“We are contacting everyone who has been affected to inform them of the incident and offer them advice and support. We have reassured individuals that the only details that have been accessed are their email addresses.
“The Information Commissioner’s Office has been informed and preventative measures have been taken by the web service providers.”
William Buchanan, a professor of computer security at Napier University, raised some concerns in his blog post about the attack:
“The worry here is that the public sector, but in the UK and the US, are generally struggling to keep up with modern computer security standards, especially in implementing IDS – Intrusion Detection Systems – and SIEM – Security Information and Event Management.”