Ransomware Hackers Steal Sensitive Charity Data
Londonderry-based IT firm Evide says personal data from charity clients stolen following ransomware attack as organisations warn of fraud risk
Hackers have stolen personal data from Evide, an IT company in Londonderry that serves charities, following a ransomware attack, Evide said.
The firm said it is working with police to investigate.
The Police Service of Northern Ireland (PSNI) said the incident was reported to it last Thursday and has been referred to specialist detectives in the Cyber Crime Investigation Team.
“Enquiries, in conjunction with our national partners, are ongoing,” the PSNI said.
Personal data
RTÉ News reported that four charities dealing with sexual abuse have been affected.
Maeve Lewis, chief executive of Dublin-based One in Four, which works with adults who have experienced childhood sexual abuse, told RTÉ’s Good Morning Ireland programme that the stolen data included phone numbers and email addresses.
She said the information could be used commit fraud.
But she said information regarding the clients’ work with the charity was stored separately and was not affected.
‘Data owners’
More than 1,000 people who have engaged with One in Four were affected and about 500 have been contacted, she said.
Belfast-based charity and social enterprise Orchardville said it was also affected, but is not yet aware how much of its data, if any, had been stolen, the BBC reported.
“But we wanted to make you aware of what has happened as soon as possible so that you can be more alert to any suspicious attempts to contact you,” the organisation said in a letter to service users.
Dominic Trott, UK director of strategy at Orange Cyberdefense, said the charities impacted remain the “data owners”, with responsibility for protecting the outsourced data, while Evide has joint responsibility as “data processor”.
Remediation plan
He said the incident raises the prospect of substantial fines.
“We must ask whether fines would be the optimum outcome here if they could potentially send a charity under,” he said.
Trott added that in such cases regulators should perhaps focus on “some kind of remedial plan and education so these organisations can keep doing their valuable work”.