Organisation information
Cybersecurity Incident: Your Questions
From Office of the Protected Disclosures Commissioner (OPDC)
Published on
Last updated on
From Office of the Protected Disclosures Commissioner (OPDC)
Published on
Last updated on
Q. What has happened?
On Thursday 11 December 2025 we were the subject of a random cybersecurity attack on our IT systems.
It is understood that this was a random attack and a forensic investigation is ongoing. As a precaution, some systems were initially taken offline to contain the threat while the incident was investigated.
However, all public-facing services have now been restored.
Q. Has my data been accessed?
We have been working closely with forensics experts to fully investigate this incident. Arising from this work the Office is confident at this time that no personal data was taken.
Q. What action has been taken to protect my data?
Once we became aware of the incident our priority was to protect the data of people who rely on our services and to restore services safely.
The NCSC (National Cyber Security Centre) activated its incident response plan and put in place enhanced monitoring to support the OPDC.
The incident was also notified to the Data Protection Commissioner and An Garda Síochána.
To further protect the data of individuals, we have taken legal steps, including securing an injunction from the High Court to restrict any publication of potentially stolen information. That said, the Office is confident at this time that no personal data was taken.
For general guidance relating data protection, please see the Data Protection Commission website . For general advice relating to the cyber security, please see the National Cyber Security Centre website .
Q. What services are impacted?
All public-facing services have been restored. However, we continue to experience some delays in progressing cases.
Q. Do the attackers currently have access to the IT system?
No. When the incident was discovered our IT system was secured to ensure the attackers no longer had access.
Q. I have made a report under the Protected Disclosures Act, what do I need to do?
If you have made a report to this Office, you will have received an acknowledgment of your report within seven days. In general, we are obliged to transmit reports to the most appropriate body within fourteen days. In some circumstances we have to extend this timeframe. If we have to extend the timeframe for consideration of your report, you will be informed. When your report has been transmitted, you will be informed. You do not need to contact us at this stage.
Q. I wish to make a report under the Protected Disclosures Act, is this service available?
Yes, we continue to accept reports through our secure email system. As noted above, we may need to extend the time required to consider your report before we can transmit it to the most appropriate recipient. If that is the case, as noted above, we will let you know.