Scottish hairdressing firm warns of cyber attack threat

A Scottish hairdressing business has warned firms about the threat of cyber attacks after being forced to pay a ransom to hackers.

Ellen Conlin Hair & Beauty, which has salons in Glasgow and Giffnock said it paid 1,000 euros in bitcoins through a third party after its system was hacked earlier this month.

The hackers had locked its database and threatened to delete information.

The firm said it decided to pay because it could not afford to lose business.

Police Scotland said its cyber crime unit was investigating the incident.

Last week, TalkTalk reported that it had received an email demanding a ransom following a cyber attack. A 15-year-old boy was later arrested in North Ireland in connection with the attack.

Ellen Conlin revealed the attack on its own business in a statement on Facebook last week.

Ellen Conlin commercial director Ken Main told BBC Scotland that the hackers had used a Russian email address.

He said they broke into a system used to store appointments, wage details, client histories and stock information but stressed that the attack did not involve any personal data of clients.

He said: "We paid the ransom and have now got some of the information back. However, our appointments system was wiped and we are asking our customers to contact us to confirm their bookings."

Mr Main, who jointly owns Ellen Conlin, said it was unclear which police force was investigating the hacking attack as the company that runs the software used by the salon is based in the south of England.

In a statement, Police Scotland said: "Inquiries were undertaken initially to establish where the crime took place.

"Police Scotland's cyber crime unit is currently investigating an inquiry in relation to a Glasgow-based business and an associated ICT company in England.

"Inquiries are ongoing and it is inappropriate to comment further at this time."

Colin Borland, of the Federation of Small Businesses in Scotland, said the Ellen Conlin case was the first of its type he had heard of in Scotland but "would put a substantial amount of money on the fact it's not the first time it has happened".

He said: "Cyber crime is massively under-reported and it is partly because people don't want to admit they have been conned or caught out for fear of scaring customers.

"You don't want to give the impression that you might be a soft touch, but it can happen to anyone as we've seen recently, and as big companies tighten up their online security then these criminals are going to be looking elsewhere.

"We advise members to follow the advice of the Scottish Business Resilience Centre to stay safe online and look into insurance against this kind of attack of data loss.

"Everyone will have insurance for their property or vehicle but very valuable data is often not insured and people should consider that."