Up to 13,000 email addresses were stolen from an Edinburgh City Council database after a cyber attack on 26 June.
Hackers breached the council's service provider, which is based in England, to gain access to the systems. It is believed that no other data was taken.
A spokesperson said that the council is contacting those affected to offer advice and support.
"We want to reassure the public that the ongoing security of our website is critically important, and we continue to work with our service providers to ensure that the risks associated with attacks are dealt with," they added.
The council confirmed to V3 that the hack was not the result of a recent move to a new transactional website.
William Buchanan, a professor in the School of Computing at Edinburgh Napier University, wrote about the council leak on LinkedIn, saying that those affected are at risk of phishing scams.
"At a first look, the hack doesn't look too serious as there does not seem to be any passwords involved," he said.
"All that has been revealed is email addresses, which can often be gained from other sources. The only threat would be in spear phishing of users with council-related emails."
Buchanan also published a copy of the email sent by the council to people affected by the data breach.
"If you had a password for the website, as a precaution we have reset your account and you will have to change your password the next time you log in," the email reads.
"This change does not apply to your MyGovScot account. It is possible that your email address might experience an increase in spam or phishing emails."
The Information Commissioner's Office has been informed of the incident, and the council's web service providers are taking preventative measures to protect against further attacks.
This is not the first time that Edinburgh City Council has suffered a data breach. The financial details of people who came to the council for debt advice were exposed in 2011.
It was revealed during the V3 Security Summit in September that ICO fines had passed £5m, and that local councils and the NHS were the worst offenders.
Users are told that their non-existent 'iPhoneID' is expiring soon
Expansion of SDK intended to expand Amazon Alexa ecosystem
Locky returns from a prolonged rest with two new variants
AMD lambasted over Radeon RX Vega pricing that will add an extra £100 to RX Vega 56 and 64 graphics cards
Company accused of failing to tell anyone that the launch prices were only introductory offers