Hackers steal ‘goldmine of personal data’ in cyber attack

OVER 2,000 people who took part in a local programmme to help unemployed people return to work may have had their personal data stolen in a major cyber security breach.

Organisations dealing with rape and sexual abuse victims and survivors have also been caught up in the same ransomware attack, which has targeted charitable and volunteer groups across Ireland.

On Tuesday, Fermanagh and Omagh District Council (FODC) said they had been made aware that a third-party company, Evide Impact Limited, which processes data on behalf of the council, had been impacted by ‘a cyber-security incident’.

The Derry-based firm’s systems held personal details of people who participated in the FODC’s employability initiative, ASPIRE.

FODC told the UH that the total number of people affected could be as much as 2,469.

People who took part in the ASPIRE programme received an email earlier this week telling them that they may have had their data stolen and that they should change their passwords immediately.

One ASPIRE participant, who wishes to remain anonymous, told the UH, “At first, I didn’t think anything of it but then it made me worried about how people could get that information so easily.

“They had a lot of my information. anything that would’ve been able to go on a CV. This included my email address, phone number, name and possibly even my home address.

“The Internet seems to be becoming a very dangerous place to store information and I am going to change my passwords immediately after this.”

A spokesperson for Fermanagh and Omagh District Council said they have been in contact with Evide and the PSNI to resolve the breach.

“Fermanagh and Omagh District Council has been made aware that a third-party company, Evide Impact Limited, who processes data on behalf of the council has recently been impacted by a cyber-security incident.

“The company provides a database system to record the details of participants in the council’s ASPIRE programme. ASPIRE is a local employability initiative that is delivered in partnership with the Western Health and Social Care Trust, Education Authority, and delivery partner Fermanagh Rural Community Initiative.”

For its part, Evide said it “immediately contacted the PSNI” once it became aware a “third party” had accessed its systems.

West Tyrone MP, Órfhlaith Begley, described the hacking as “deeply concerning.”

“This must be resolved as quickly as possible and everyone’s information is impacted by this breach must be kept fully informed.”

Nine organisations based in the Republic of Ireland have had their data stolen during the same attack.

Police on both sides of the border are now investigating.

Omagh-based cyber security firm, Loughtec said the data the hackers retrieved could be a ‘goldmine’ of high-quality personal information that may be sold on the dark web.

Loughtec CEO, Seán McDermott commented, “These ransomware-style attacks are becoming more sophisticated and common. Ninety per-cent of these attacks come from very elaborate phishing emails where hackers compromise members of staff’s social media accounts and email addresses.

“Once these attackers gain access to a company’s servers, they will spend a lot of time doing reconnaissance on the company and its staff and what information they store. These types of attacks are becoming increasingly common due to the value of people’s information on the dark web.

“The information that has been stolen in this incident is a goldmine for these hackers. It is very sad because this information has come from charity and voluntary organisations. I would recommend anyone who uses a third-party group to store information to ensure that the agency has robust cyber security protocols.

“I would also advise anyone who has been hacked to change their password immediately and ensure they’ve some form of cyber security installed on their devices.”