Abuse victims warned over 'dodgy emails' following ransomware attack

Four organisations that support survivors of rape and sexual abuse have been affected by a ransomware attack targeting the company that stores their data in Northern Ireland.

Maeve Lewis, CEO of One in Four, the organisation that supports abuse survivors, is advising its clients to be cautious of any “dodgy” emails or texts they receive following the hacking of the company that stores their data.

The company, Evide, which is based in Derry and manages data for around 140 charities and non-profit organisations in Ireland, Northern Ireland, and the UK, was targeted by cybercriminals last month, at which time it contacted the PSNI and engaged cybersecurity specialists to help contain the issue and support recovery efforts.

Ms Lewis told RTÉ radio’s Morning Ireland that One in Four had been in contact with Evide to ask them to take a legal injunction to stop the sharing of the sensitive information. 

As One in Four had not been directly targeted, it could not initiate legal proceedings.

It was her understanding that One in Four’s clients’ personal data had been accessed. 

“We were told by the cybersecurity experts that the data is very valuable because it can be sold to people who then go on to try and commit fraud by, for example, getting bank account details or other personal data," she said.

Ms Lewis added that documents that were attached to the data had not been accessed.

1,000 clients hacked

One in Four believed the data of about 1,000 clients had been hacked. In the past week, the charity had contacted 500 clients and was continuing to get in touch with people.

“But if they've not heard from us, they can access support and information on our website at www.oneinfour.ie," she said. 

"We would also just urge people to be careful of any unusual email or text messages that come through."

The data which was stolen included personal information, such as short records of people's engagement with One in Four’s services. 

“So we really don't know what the situation is with that data. We do know that any attachments, any letters and any reports, for example, to child protection services, they have not been accessed."

Ms Lewis said that the people they had contacted had been “remarkably generous”, while, obviously, some people had been quite distressed “because we are dealing with some very vulnerable people".

It is understood that approximately 2,000 people, including victims, survivors, and suspected perpetrators, may have been affected in Ireland, alongside additional individuals in Northern Ireland and Britain.

“Sadly, in this day and age, people are accustomed to being contacted by dodgy calls and emails. So people are generally aware of what they should do if they get an email from an unusual source.

"If anybody out there is concerned, we urge them to look at our website and contact us," Ms Lewis added.

Minister of State at the Department of Communications, Ossian Smyth TD, has said that the nature of the information stolen remains unclear.

Increasingly, cyber attackers were targeting data storage facilities rather than organisations directly, he said.

Mr Smyth told RTÉ radio’s News at One that the people who used the support organisations had shared their data with those organisations. “I can understand that they would be very worried and worried that they have shared the most confidential, intimate information".

The abuse support organisation One in Four had earlier said they did not believe that detailed case notes had been compromised. “They believe that the most likely form of attack would be a financial attack. So somebody using your name and address to try to obtain your bank account details or to try to deceive you into believing that they came from the charity organisation themselves”.

Mr Smyth cautioned that the investigation was at an early stage and that some of the information circulating was untrue. The nature of the attack was likely to be financial and the numbers impacted would be “a very small proportion”. 

When asked if there was a role for the Data Protection Commissioner in the investigation into the breach, Mr Smyth said yes, there was, but he did not know if it would be the Irish Commissioner as the breach occurred in Northern Ireland.

“We're asking people to be cautious about somebody who sent you an email or a text pretending to be from One and Four or from another organisation saying ‘I want your credit card number’.”

© Examiner Echo Group Limited