Irish regulator outlines extent of cyber hacking

Cyber-attacks on Irish companies have resulted in over 200 instances where private data was accessed or stolen by hackers, according to the Data Protection Commission (DPC).

The DPC is Ireland’s data protection regulator.

Graham Doyle, deputy data commissioner, said that the incidents were individual breaches and were reported to the organisation in keeping with GDPR reporting laws.

The confirmation of the incidents comes just a week after it was determined that personal data of staff and some students was exposed in the Munster Technological University (MTU) hack. 

The MTU Cork campus were closed following a “significant” IT breach and phone outages.

In a statement, MTU Cork confirmed the breach was a cyber-attack. The extent of the attack, including which data may have been breached, remains under investigation.

“Following extensive and ongoing initial investigations MTU can confirm that its Cork campuses have been targeted in a cyber-attack. The Kerry campuses of MTU remain unaffected,” the statement said.

The statement said the incident was detected by MTU’s IT security systems last weekend with “immediate steps being taken to intercept and manage the incident”.

“The incident resulted in the encryption of certain MTU systems for the purpose of demanding a ransom,” it added.

MTU said it has been in “close and ongoing contact” with the National Cyber Security Centre, the DPC, An Garda Síochána and other relevant stakeholders including Government departments since the incident.

In November 2022, the DPC announced a fine of EUR265 million and several corrective measures against Meta Platforms Ireland Limited – the data controller of Facebook. The fine followed the announcement of a EUR405 million fine issued to Meta just two months before.

The DPC investigation was triggered by the release of a large dataset of personal data from Facebook being made available on the internet in 2021, allegedly the result of malicious data scraping by cyber attackers