Evide data breach

2023 cybersecurity incident

The Evide data breach was a data breach caused by ransomware in Northern Ireland.^[1]^[2]^[3]^[4]^[5]^[6]

Evide

Evide is a company based in Derry which specialises in data storage and analysis for charities.^[2] Evide manages data for around 140 organisations.^[2] At least four of the affected organisations deal with survivors of rape or sexual abuse.^[6]

Events

Breach

The Police Service of Northern Ireland has confirmed that it was contacted in March about a cyber attack and it was investigating.^[3] Gardaí are cooperating with them, including the Garda National Cyber Crime Bureau.^[3]

The charity One in Four was told of the breach on 5 April 2023.^[2]

Disclosure

The news of the breach was made public on 17 April 2023.^[1]^[2]^[3]^[4]^[5]^[6]

Impact

A number of organisations were affected, including the Dublin-based charity One in Four, which supports adult survivors of child sexual abuse. Maeve Lewis, CEO of One in Four, told RTÉ News that personal data, including phone numbers and email addresses had been stolen. However, letters and reports to child protection services were not taken. About 1000 people who had been engaged with One in Four might be affected. One in Four contacted Evide to ask them to take legal action against the attackers as One in Four was not directly attacked.^[1]^[2]^[3]^[4]^[5]

Orchardville, an organisation based in Northern Ireland, said that it was not sure if any of its data was affected.^[3]^[4]

Charities affected could be investigated by the Data Protection Commissioner.^[2]

Reactions

Ossian Smyth said the investigation was in early stages and urged caution as some stories circulating may not be true.^[1]

References

^ ^a ^b ^c ^d Clarke, Vivienne; Sheehy, Mairead (2023-04-17). "Abuse victims warned over 'dodgy emails' following ransomware attack". Irish Examiner. Retrieved 2023-04-18.
^ ^a ^b ^c ^d ^e ^f ^g Brennan, Cianan (2023-04-17). "Charities for abuse victims may face sanctions over data breach". Irish Examiner. Retrieved 2023-04-18.
^ ^a ^b ^c ^d ^e ^f "Cyber attack: Data from charities stolen in ransomware attack". BBC News. 2023-04-17. Retrieved 2023-04-18.
^ ^a ^b ^c ^d Boland, Lauren (2023-04-17). "Investigation underway into cyber attack affecting charities for sexual assault survivors". TheJournal.ie. Retrieved 2023-04-18.
^ ^a ^b ^c McGreevy, Ronan; Clarke, Vivienne (2023-04-17). "Sex abuse survivors' charity One in Four victim of data breach". Irish Times. Retrieved 2023-04-18.
^ ^a ^b ^c Reynolds, Paul (2023-04-17). "Abuse victims' data stolen in ransomware attack". Retrieved 2023-04-18.

External links

Evide - home page of the targeted company

Hacking in the 2020s

← 2010s

Timeline

2030s →

Major incidents

2020	BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach
2021	Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack
2022	Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak
2023	Munster Technological University ransomware attack Evide data breach MOVEit data breach Insomniac Games data breach Polish railway cyberattack British Library cyberattack
2024	XZ Utils backdoor