In April 2023, Evide, a Derry-based IT company specializing in data storage and analysis for charities, became the target of a significant ransomware attack. (siliconrepublic.com) The breach compromised data from approximately 140 organizations across Ireland and the UK, including several that support survivors of abuse.
The Breach Unfolds
Evide’s Impact Tracker platform, widely used by these charities, was infiltrated by cybercriminals who demanded a ransom. (computerweekly.com) The company promptly notified the Police Service of Northern Ireland (PSNI) and engaged cybersecurity specialists to contain the issue and support recovery efforts. (siliconrepublic.com)
Charities Affected
Among the affected organizations was One in Four, a Dublin-based charity dedicated to assisting adult survivors of child sexual abuse. CEO Maeve Lewis reported that nearly 1,000 clients’ personal data, including phone numbers and email addresses, were stolen. (irishexaminer.com)
Investigations and Implications
Authorities in both Northern Ireland and the Republic of Ireland launched investigations into the breach. The Data Protection Commissioner is considering potential sanctions against the affected charities for failing to protect sensitive data adequately. (irishexaminer.com)
Wider Concerns
This incident highlights the vulnerability of organizations handling sensitive information. The UK Information Commissioner’s Office (ICO) has previously reprimanded seven organizations for data breaches affecting domestic abuse victims, emphasizing the need for stringent data protection measures. (ico.org.uk)
Conclusion
The Evide data breach serves as a stark reminder of the critical importance of robust cybersecurity practices, especially for organizations entrusted with the personal information of vulnerable individuals. It underscores the necessity for continuous vigilance and proactive measures to safeguard sensitive data against increasingly sophisticated cyber threats.
Be the first to comment