Cybersecurity Incident: Your Questions

Q. What has happened?

We are responding to a cybersecurity incident involving unauthorised access to our ICT systems. It is understood that this is a financially motivated ransomware attack and a forensic investigation is ongoing. As a precaution, systems have been taken offline to contain the threat while the incident is investigated.

Q. Has my data been accessed?

We are working with the National Cyber Security Centre (NCSC) and external cyber incident response specialists to assess the nature and extent of the incident and to support containment and recovery. Due to the nature of these types of attacks we are operating on the basis that data may have been taken.

For general guidance relating to data protection, please see the Data Protection Commission website . For general advice relating to cyber security, please see the National Cyber Security Centre website .

Q. What action has been taken to protect my data?

The priority of the Office is to restore services safely, and to protect the people who rely on our services.

We are working with the National Cyber Security Centre (NCSC) and external cyber incident response specialists to assess the nature and extent of the incident and to support containment and recovery. The NCSC has activated its incident response plan and has put in place enhanced monitoring to support our Office.

The incident has also been notified to the Data Protection Commissioner and An Garda Síochána.

To further protect individuals, we have taken legal steps, including securing an injunction from the High Court to restrict any use or publication of potentially stolen information.

Q. What services are impacted?

Affected services at the CPSA include our telephone service. It is also impacting the ability of the Office to progress existing cases at this time.

Q. I have made a complaint to the CPSA, what do I need to do?

Due to the disruption to our systems, we are experiencing delays in processing complaints and ask that you bear with us. However, you do not have to resubmit your complaint or contact us at this stage.

Q. I have made a report to the CPSA under the Protected Disclosures Act, what do I need to do?

If you have made a report to the CPSA as a prescribed person under the Protected Disclosures Act, you will have received an acknowledgment of your report within seven days. However, we may experience delays in carrying out follow-up on your report and ask that you bear with us. You do not need to contact us at this stage.