Organisation information
Cybersecurity Incident: Your Questions
From Office of the Protected Disclosures Commissioner (OPDC)
Published on
Last updated on
From Office of the Protected Disclosures Commissioner (OPDC)
Published on
Last updated on
Q. What has happened?
We are responding to a cybersecurity incident involving unauthorised access to our ICT systems. It is understood that this is a financially motivated ransomware attack and a forensic investigation is ongoing. As a precaution, some systems have been taken offline to contain the threat while the incident is investigated.
Q. Has my data been accessed?
We are working with the National Cyber Security Centre (NCSC) and external cyber incident response specialists to assess the nature and extent of the incident and to support containment and recovery. There is no evidence at this time that any data has been taken.
For general guidance relating to data protection, please see the Data Protection Commission website . For general advice relating to cyber security, please see the National Cyber Security Centre website .
Q. What action has been taken to protect my data?
The priority of the Office is to restore services safely, and to protect the people who rely on our services.
We are working with the National Cyber Security Centre (NCSC) and external cyber incident response specialists to assess the nature and extent of the incident and to further support containment and recovery. The NCSC has activated its incident response plan and has put in place enhanced monitoring to support our Office.
The incident has also been notified to the Data Protection Commissioner and An Garda Síochána.
To further protect individuals, we have taken legal steps, including securing an injunction from the High Court to restrict any use or publication of potentially stolen information.
Q. What services are impacted?
Affected services at the OPDC include our telephone service. It is also impacting the ability of the Office to progress existing cases at this time.
Q. I have made a report under the Protected Disclosures Act, what do I need to do?
If you have made a report to this Office, you will have received an acknowledgment of your report within seven days. In general, we are obliged to transmit reports to the most appropriate body within fourteen days. In some circumstances we have to extend this timeframe. If we have to extend the timeframe for consideration of your report, you will be informed. When your report has been transmitted, you will be informed. You do not need to contact us at this stage.
Q. I wish to make a report under the Protected Disclosures Act, is this service available?
Yes, we continue to accept reports through our secure email system. As noted above, we may need to extend the time required to consider your report before we can transmit it to the most appropriate recipient. If that is the case, as noted above, we will let you know.