Cyber security warning for public bodies after scam

The cybersecurity of all taxpayer-funded bodies is set to be investigated after a foundation used to raise donor funds for Trinity College lost almost €1m when it was targeted by fraudsters in an online scam.

Cyber security warning for public bodies after scam

The Dáil Public Accounts Committee is insisting that an immediate review of all defences is needed after the scandal was uncovered by foreign bank officials along with Irish and international police — saying at least one other institution and a local authority have also fallen victim to similar attacks.

In correspondence to the PAC seen by the Irish Examiner, Trinity College provost, Patrick Prendergast, confirmed that the college’s foundation charity was targeted by an international cyber attack last year.

The scam, which was more technical than usual email fraud attempts and focussed on sensitive data, ultimately saw the college lose €974,781 in public money — of which only €217,000 has been recovered.

Although the fraud was initially uncovered by a bank in Scotland and is now the subject of separate garda, British and German police investigations, it is believed it may be impossible to recover more of the lost funds due to the technical nature of the attack.

And while Trinity has taken steps to improve its online and financial security, PAC chairman and Fianna Fáil TD, Sean Fleming, said the attack shows there is an urgent need to examine all taxpayer-funded bodies ability to prevent further cyber attacks.

“It’s true that during the course of last year Trinity College Foundation was attacked in an incident of cyber fraud which has cost a considerable amount of money,” said Mr Fleming.

“There have been at least two other public bodies attacked in the last year, and we need to make sure they are taking proper steps to address this, because taxpayers’ money is at stake.

“We need to know public money is safe and that the right defences are in place, this is a lot of money and it risks impacting on services.”

In a discussion on the issue last week, a number of PAC members also backed a decision for the committee to ask all taxpayer-funded bodies to explain if they have been attacked and what improvements they have since made.

They included Social Democrats TD Catherine Murphy; Sinn Féin TD David Cullinane; and unaligned Independent TD Catherine Connolly, who warned that the money should be used for services that are “struggling”.

“It looks to me as though there is a control issue there. I do not know how we should address this, possibly through another sectoral committee or by writing to the Higher Education Authority. Obviously if one college has had an incident of this profile, others have had the same,” she warned.

State financial watchdog the comptroller and auditor general, Seamus McCarthy, said the money was lost due to “cyber fraud” and that it only became public knowledge because “the college was obliged to make good that loss to the foundation”.

Mr McCarthy added that while the Trinity College attack relates to its foundation charity wing, the taxpayer has still had to pay for the loss because it is obliged to cover donation deficits.

It is the one college that has accepted that it controls its foundation.

Even before this problem arose, this was accepted by them. The university was fully consolidating the foundation in its financial statements.

“Usually in a situation where a foundation is operating, it receives monies for specific purposes. It must deliver on those purposes because it has taken the money.

“But here, the foundation had an obligation to protect that money until such time as it could be applied for the purposes. The university has, therefore, been obliged to find the funding from elsewhere in its resources to meet that loss,” he said.

Cyber attacks have become increasingly prominent in recent years with a series of IT experts repeatedly warning public and private bodies that they must drastically improve their defences if they want to protect their funds and sensitive information.

More in this section