Top 10 Cybersecurity Breaches in Ireland

In late 2015, Ireland's central bank discovered a fraudulent transaction totaling $125,000 in the log of events maintained by the government-owned Bank of Ireland. More than a year earlier, a black hat had compromised the email of a client of Bank of Ireland's private banking arm. Using stolen credentials, the impersonator duped the bank into transferring the above sum from the client's personal account as well as the bank's own funds into a UK bank account. Surprisingly, the bank hadn't used security questions to authenticate the user's identity. Neither had it called up the client to establish the correctness of the money transfer request. Of course, the bank compensated the aggrieved client, but didn't report the case to the central bank or police. In mid-2020, Irish regulators slapped a $1.77 million fine on the bank.

In December 2022, a trove of sensitive personal data relating to nearly 200 million Twitter users, including Twitterati in Ireland, appeared on a popular hacker forum. The entire dataset, which reportedly included the screen name, full name, follower number, date of creation, and email address, was up for grabs, according to cybersecurity researchers! The validity of some of the emails in the data trove has since been confirmed. Sundar Pichai, Donald Trump Jr., and SpaceX are said to be among the celebs and popular entities whose details figure in the 63 GB of leaked data. The data trove is believed to be from the period from June 2021 to January 2022. The criminals had actively exploited the vulnerability in a Twitter update, made in mid-2021, to engineer the hack. The security flaw was fixed in January 2022.

In mid-May 2021, The Financial Times daily reported that ransomware criminals had leaked 27 files, including medical records of at least 12 individuals, from Ireland's public-funded healthcare system, Health Service Executive (HSE). However, by the end of the month, HSE acknowledged that medical data of 500+ patients had leaked online from its servers in the ransomware incident. A few corporate dossiers, minutes of meetings, and correspondence with patients also formed part of the leaked 700 GB data tranche. The hackers gave HSE a May 17, 2021 deadline to pay up $20 million or risk exposing the data! The demand got a prompt thumbs down from the HSE. The healthcare provider was expected to shell out more than $100 million to regain access to critical systems.

Dublin-based Virginia Media Television, launched in 1998, is a commercial television company. In mid-February 2023, the popular TV broadcaster suffered a major service outage, following what it termed as "an unauthorized attempt" to access its systems – a euphemism for hacking! The cyber intrusion hit programming on Virgin Media 3, 4, and More channels, besides the online VMTV Player. Apparently, the attackers had spared Virgin Media Ireland's other operations such as broadband and mobile. The company said it had quelled the hack and expected to restore the affected services expeditiously, though its investigation was still underway. Ireland's nodal government computer security body, the National Cyber Security Centre, as well as the national police service (Gardai), were looking into the matter.

In February 2023, Munster Technological University (MTU) shut down four of its campuses for two days in the wake of a significant breach of its IT and telephone systems. MTU later confirmed it had been the subject of a ransomware attack. By February 12, 2023, some of the purloined data, pertaining to staff and students, had surfaced on the dark web. MTU told Ireland's High Court that the hackers were blackmailing it to part with significant ransom money in order to have the stolen data safely returned. The university claims the hack might have been orchestrated by former operatives of the Russia-linked Revil ransomware group. The court granted MTU an injunction preventing the sale or publication of the stolen data.

In February 2023, Dublin-based agriculture produce giant, Dole, with annual revenues of nearly $6.5 billion, said a ransomware attack had resulted in product shortages at some of its US stores. A Texan grocery, for instance, faced a shortage of prepackaged salads. The cyber maneuver forced the company to suspend shipments and shut down systems throughout North America to prevent the ransomware infection from spreading. This was revealed by a memo Dole had sent to several American groceries and which later went public. As of February 24, 2023, there was hardly any evidence of any data theft from Dole. Besides, there was no mention of Dole on any of the leak sites on the dark web. Ransomware gangs are known to display victims' details on dedicated dark web pages, but only in cases where ransom negotiations make no headway.

On February 13, 2023, security researchers reported that Belfast-based contracting group, Lagan Specialist Contracting Group (SCG), with around $250 million in revenues, has fallen victim to the LockBit ransomware. This data-encrypting malware is notorious for its insidious "double extortion" tactic. Malicious hackers first identify network devices with unencrypted confidential data. Having stolen and locked down such files, the ransomware operators threaten victims with exposure of their data on "name and shame" sites that are publicly viewable on the dark web. Alternatively, the data might be auctioned off to third-parties if the victims drag their heels on ransom payment, usually in bitcoins. The threat group sets a deadline for ransom payment, which in Lagan's case was February 28, 2023.

The Dublin-based software company provides digitization and automation services to financial trading markets worldwide. In February 2023, several financial derivatives traders around the world were knocked offline by a ransomware attack, forcing them to complete all post-trade processes manually. These included trade margin requirement updates, an activity in which the "time to complete" is of paramount importance. In early February 2023, a message popped up on the ION Group website alerting users to the cybersecurity event. Amid all-out remediation efforts, the company took the impacted servers offline while the futures industry gauged the extent of the impact on trading, processing, and clearing. ION Group's internal memo, cited by media, pinned blame for the ransomware intrusion on the Russia-linked LockBit gang.

A-tech-for-good enterprise, Evide manages data for more than 140 charities in Ireland, besides the UK. In March 2023, online criminals staged a ransomware attack on the storage provider, stealing data of nearly 2,000 abuse victims across four different charities based in Southern Ireland. Evide said it had noticed unusual traffic on their network and immediately contacted the police, besides alerting stakeholders. One in Four, a charity that supports childhood sexual abuse survivors, reached out to 500 persons whose data might have been ripped off by the hackers. The charity also set up a helpline to assist those affected. Fortuitously, the leaked information is not highly sensitive or personal and hasn't been published on underground cyber forums.

The Belgian payroll company manages a significant amount of confidential data on 5.2 million employees in more than 82,000 businesses, including in Ireland. Among the sensitive information the company is privy to are customers' government ID numbers, tax information, addresses, full names, birthdates, phone numbers, bank account numbers, and employee evaluations. In the first week of April 2023, SD Worx reportedly shut down its IT infrastructure that enables payroll services after the company's UK and Ireland division suffered a cyberattack in which confidential data might have been stolen. The previous night, SD Worx's IT team had come across malicious activities in the hosted data center. Inadequate protection of customer data could expose businesses to class-action lawsuits brought by individuals whose personal data might have been exposed.

Eternal vigilance is the true price of cybersecurity. The lessons from the high-profile and damaging attacks on organizations of various hues in Ireland should be an eye-opener for just about everyone. Businesses are busy strengthening their cybersecurity postures on an ongoing basis, and learning from the hard experiences of other organizations is certainly going to enrich these efforts. Reach out to the Cyberlands team and discover the right strategy that will help further reinforce your business's cybersecurity perimeter.

We will be back soon with more cybersecurity updates, so stay with us. Thanks for your time.