Cyber criminals who stole thousands of digital files belonging to environmental regulator SEPA have published them on the internet.
The public body had about 1.2GB of data stolen from its digital systems on Christmas Eve.
SEPA rejected a ransom demand for the attack, which has been claimed by the international Conti ransomware group.
Contracts, strategy documents and databases are among the 4,000 files released.
The data has been put on the dark web – a part of the internet associated with criminality and only accessible through specialised software.
SEPA chief executive Terry A'Hearn said: "We've been clear that we won't use public finance to pay serious and organised criminals intent on disrupting public services and extorting public funds.
"We have made our legal obligations and duty of care on the sensitive handling of data a high priority and, following Police Scotland advice, are confirming that data stolen has been illegally published online.
"We're working quickly with multi-agency partners to recover and analyse data then, as identifications are confirmed, contact and support affected organisations and individuals."