Charities for abuse victims may face sanctions over data breach

Charities for abuse victims may face sanctions over data breach

Maeve Lewis, chief executive of One in Four, said almost 1,000 of its clients had been hacked.

Mon, 17 Apr, 2023 - 18:05
Cianan Brennan

A number of charities that saw the personal data they held on abuse victims stolen in a ransomware attack could face sanction from the data regulator.

The only Irish charity involved to be publicly named thus far — child abuse support organisation One In Four — was first informed of the breach on April 5.

It’s understood at least eight other Irish institutions, including a rape crisis centre, have likewise made contact with the gardaí and the Data Protection Commission after the data they managed was accessed during the attack.

The data had been held by Derry-based Evide, which specialises in data storage and analysis for the charity sector. Evide manages data for roughly 140 organisations.

However, the Irish bodies involved will likely face investigation by the Data Protection Commission due to their status as controllers of the lost data, with Evide acting as a data processor despite operating in a separate jurisdiction.

Criminal probe

A spokesperson for Evide said the company had notified “all relevant stakeholders” as soon as the company had been made aware of the incident, adding that the matter is now the subject of criminal investigations both north and south of the border.

Maeve Lewis, chief executive of One In Four, said almost 1,000 of its clients had been hacked, with roughly half of them having been contacted to inform them of the breach. Those contacts continue, she said.

Minister for Justice Simon Harris described the attack as “appalling” and urged victims to be “extra vigilant” in terms of any peculiar emails or text messages they may receive going forward.

While personal details including names, addresses, and phone numbers were accessed following the ransomware attack, it’s understood that the One In Four case summaries were all anonymised, meaning individual cases could not be linked back to other personal details.

It’s also believed that the data dump saw the various details from all of the 140 organisations involved accessed in one tranche, making connecting the various facets to the different bodies affected more difficult.

Ransomware is a form of cybercrime that sees access blocked to a victim’s systems in return for payment. While such a ransom has been requested in the case of the Evide hack, it has not yet been paid.

Read More

Abuse victims warned over 'dodgy emails' following ransomware attack

CONNECT WITH US TODAY

Whatsapp logo

WHATSAPP

Newsletter logo

NEWSLETTERS

Notification logo

NOTIFICATIONS

Be the first to know the latest news and updates

More in this section

Enoch Burke outside Co Westmeath school for second day after prison release Enoch Burke outside Co Westmeath school for second day after prison release
RTÉ dealt fresh blow with resignation of chief financial officer RTÉ dealt fresh blow with resignation of chief financial officer
Food prices Food, pints and insurance costs surge as inflation hits Irish households
technologyGardai#Violence against womenPerson: Simon HarrisOrganisation: One In Four
<p>In addition to Grok, people have also called for urgent action on other AI tools, including so-called 'AI-girlfriend' websites and apps, which allow the production of graphic deep-fake pornography of adult women and child sexual abuse imagery (CSAM).</p>

'It should be illegal,' says survivor of child sexual abuse about AI 'nudification' technology

READ NOW

Lunchtime News

Newsletter

Keep up with stories of the day with our lunchtime news wrap and important breaking news alerts.

Latest

Most Read

Cookie Policy Privacy Policy Brand Safety FAQ Help Contact Us Terms and Conditions

© Examiner Echo Group Limited