LAST UPDATE | 17 Apr 2023
AN INVESTIGATION IS underway into a ransomware attack on a data management company in Northern Ireland that holds data for charities and non-profits, including several organisations working with sexual assault survivors.
The PSNI has confirmed that it received a report of a cyber incident on 30 March and referred the case to specialist detectives in its Cyber Crime Investigation Team, where enquiries are still ongoing.
The company, Evide, manages data for its clients, who are charged between £720 and £1,200 a year for its services, according to the company’s website.
The Data Protection Commission and National Cyber Security Centre have been notified of the breach.
Speaking to RTÉ’s News at One, Minister of State for eGovernment Ossian Smyth confirmed that a number of organisations in the Republic of Ireland have been affected.
“Some of them are community and voluntary and four of them are dealing with sexual abuse and rape,” Smyth said.
“For people who are the users of those services or people who have trusted to share their data with those organisations, I can understand that they would be very worried and worried that they have shared the most confidential, intimate information,” he said.
Smyth said that the data of 2,000 people in the Republic of Ireland have been impacted by the attack.
He said the PSNI in Northern Ireland is carrying out a criminal investigation into the attack, adding that the force is co-operating with An Garda Síochána.
“All of the people whose data has been comprised will be contacted,” he said.
One of the organisations affected by the cyber attack is One in Four, a charity based in Dublin that supports adult survivors of childhood sexual abuse. Data relating to around 1,000 people linked to this organisation alone are believed to have been subject to the attack.
Speaking to RTÉ Radio One’s Morning Ireland programme, One in Four CEO Maeve Lewis said the charity was made aware that its clients’ personal data had been accessed.
“That means that email addresses, phone numbers and so on have been accessed. We are being told by the cybersecurity experts that that data is very valuable, because it can be sold to people who then go on to try to commit fraud by, for example, getting bank account details or other personal data,” Lewis outlined.
The CEO explained that the charity is not certain whether sensitive information, such as the details of crimes, has been compromised, but that not all documents were affected. She said One in Four has requested that Evide seek a High Court injunction against the publication of the material online.
“The data which was stolen included personal information. There would also have been short records of people’s engagement in our services. That is stored separately, so we really don’t know what the situation is with that data. We do know that any attachments, any letters, any reports, for example, to child protection services, they have not been accessed,” she said.
One in Four believes that upwards of 1,000 of its clients have been affected, of whom it has contacted about 500 directly so far.
“In the past week, we’ve managed to contact directly about 500 people and we are continuing to do that. A helpline has been set up from this morning so people can contact that by accessing our website and getting the details,” Lewis told Morning Ireland.
“Some people are quite distressed because we are dealing with some very vulnerable people, but people have been remarkably generous. I think sadly, in this day and age, people are accustomed to being contacted by dodgy calls or dodgy emails, so people are generally aware of what they should do if they get an email from an unusual source,” she said.
“We are continuing to offer support and if anybody out there is concerned this morning, we urge them to look at our website and then find the details of how to contact us.
“We have been told that the most valuable information is personal data, which these criminals tend to sell on to people who want to try to defraud people by contacting them via email or text message and trying to get things like for example, bank details, that type of financial information from them, so we are urging people to be very cautious.”
Justice Minister Simon Harris said that the attack was “appalling”.
“This shows that more and more crime is now moving online and more and more of the people behind such attacks are at best ignorant at all and it most just simply don’t care about the fact that in this case, they are attacking some of the most vulnerable people in our country,” Harris said.
“People who have already been through one of the most heinous crimes possible and actually adding this additional stress and worry and concern to them is, quite frankly, despicable.”
Harris added that the gardaí would be provided with the necessary resources to support the PSNI in their investigation.
Lewis advised that people “be cautious, as we all need to be in this day and age”.
“If you get an email or a text message from a source that seems dodgy, even if it seems to be from a reputable organisation – if you’re not sure, contact that organisation.”
One in Four has provided the following contact information on its website: “If you believe you may be affected by this data breach or have any concerns, an information helpline is available Monday to Friday from 11am – 4pm on 00353 879473177 to answer any questions you may have. You can also call the Rape Crisis 24 Hour helpline on 1800 778888.”
Additional reporting by Tadgh McNally
To embed this post, copy the code below on your site
have your say