A cross-border investigation has been launched after hackers stolen data from charities and community organisations in a cyber attack on a Derry-based IT company.
Evide manages data for about 140 organisations across the island of Ireland and the UK, including groups that work with victims of sexual crime.
It was targeted in a ransomware attack last month.
The PSNI’s Cyber Crime Unit are investigating the data hacking.
“Enquiries, in conjunction with our national partners, are ongoing,” a PSNI spokeswoman said.
“As such, it would be inappropriate to comment further at this time.”
Phone numbers
Belfast-based charity and social enterprise Orchardville is one of the organisations involved.
Its database has information about participants and next of kin contacts – but no financial details are held.
In a letter to service users seen by the BBC, Orchardville said it was not yet known how much of its data, if any, had been accessed.
“But we wanted to make you aware of what has happened as soon as possible so that you can be more alert to any suspicious attempts to contact you,” the organisation said.
One in Four, a Dublin-based charity that works with adults who have experienced childhood sexual abuse, has been contacting users.
Its chief executive Maeve Lewis told RTÉ’s Good Morning Ireland programme that data including phone numbers and email addresses has been stolen.
“We were told by the cybersecurity experts that that data is very valuable because it can be sold to people who then go on to commit or try to commit fraud, by for example, getting bank account details or other personal data,” she said.
She said more than 1,000 people who have engaged with the charity may be affected and the charity had managed to contact about 500 of them to date.
“We do know that any attachments, any letters, any reports for example, to child protection services, they have not been accessed,” she added.
It is understood three other sexual abuse charities in the Republic have been affected.
Evide said it had became aware of the incident when unusual traffic was detected on its network.
“As soon as we became aware that a third party had accessed our systems we immediately contacted the PSNI and engaged the services of experienced cyber-security specialists to assist us to contain the issue, support recovery efforts, and conduct a thorough investigation,” the firm said.
“We have provided notifications to all relevant stakeholders and clients and also notified the relevant authorities, including the Police Service of Northern Ireland who notified An Garda Síochána (Irish police).”
Irish broadcaster RTÉ says it understands hackers have made ransom demands but that has not been paid.
A Garda spokeswoman said it was “assisting the PSNI in its investigation into a ransomware attack on a company based in Northern Ireland that has customers across the island of Ireland”.
“The Garda National Cyber Crime Bureau has been providing advice to a number of companies.”
Tags: