MTU students and staff urged to be vigilant as it reopens after data hack

MTU is working with the National Cyber Security Centre to investigate the attack, believed to have been carried out by a Russia-based hacking collective known as Blackcat or APLHV.

The director of the National Cyber Security Centre, Richard Browne, said that efforts will be made in the next few days to establish what information was released.

He explained: "Unfortunately, it's a consequence of what happens in these cases."

Very often when this material is released, very little happens with us depending on what it is. And of course we don't know exactly what it is yet.

“Every now and then people's personal information is used for fraud, it's used for financial crime, it's used for whatever it might be. So the obvious things apply."

People have been urged to keep an eye on their financial details, particularly with an increase in scams in recent months.

Mr Browne continued: "The attackers have done what they're going to do. This is an extremely prolific group and their leak site has over 250 victims.

They have spent their money and have got nothing back from it. They're done. And the question for us now is how do we limit the damage of that data being out there in the world? 

On Sunday, MTU said in a statement: “(we) have received confirmation from our technical advisors and members of the National Cyber Security Centre who have been assisting us in relation to this incident that certain data has been accessed and copied from MTU systems in the course of the ransomware incident and made available on the ‘dark web’.” 

The Data Protection Commission has been informed of the breach.

Students and staff have been warned to look out for potential attacks by email or SMS.

The student union has also shared information on how to recognise a “phishing email” which is where an email contains malicious links.

On Friday, MTU secured an interim High Court injunction to help prevent the use of any data that may have been illegally taken from its systems.

However, a Cork solicitor, who is taking a case on behalf of a cancer patient affected by the HSE cyberattack, queried the effectiveness of the injunction, following a similar move by the HSE in 2021.

“Injunctions are great but where someone chooses not to obey, it is very hard to do much about it,” Michael O’Dowd said.

It seems that this case is linked to Russian hackers, they are not terribly beholden to Irish law and could ignore it.

"I think the reason it is being done, as it is likely that litigation may well come from these, it is something that would ultimately lead MTU, in this case, to say they have taken every step they could, including getting an injunction.” 

Mr O’ Dowd, based in Glanmire, is representing two patients who were affected by the hack on the Mercy University Hospital.

He said it has proved to be challenging to find out what is happening.

“People still don’t really know anymore than they knew two years ago, nothing new,” he said, referring also to patients whose data was confirmed as shared online by the HSE at the time.

“Nothing new, and trying to find it out even though the court system has been met with resistance.” 

The HSE is now writing to about 100,000 people whose data was affected in the attack.

He has warned that those affected in MTU could face years of uncertainty about how their data was used.

Justice and Higher Education Minister Simon Harris said he welcomed the involvement of the Gardai and the National Cyber Security Centre in combating the MTU cyber attack.

“It is important that the National Cyber Security Centre and the Gardai have been linked in and involved and I don’t want to comment in any way that cuts across their work, other than to say I am being kept updated by officials in the Department of Further and Higher Education and by the Gardai,” he told the Irish Examiner.

“We will now also consider any advice or guidance that can be offered to all higher education institutions arising from this latest incident,” he added.

He paid tribute to the staff and students. “I want to thank all the team involved in MTU for their tireless work during this cyber attack. I am pleased that the college will now reopen,” he said.

At the weekend, it emerged seven Russian nationals have been sanctioned by America and the UK for cyberattacks including the Conti ransomware attack on the HSE.