Alcohol Forum Ireland Cyber Security Breach

Information regarding a data breach:

On April 17th, Alcohol Forum Ireland received notification from our IT service providers that they were subject to a cyber security incident.  Alcohol Forum Ireland data has been accessed by a third party.  The matter is being investigated by law enforcement agencies, including the Gardai.   Alcohol Forum Ireland take data privacy and cyber security very seriously and we have notified the Data Protection Commission.    

We have been advised that the personal information of people who have used our services has possibly been accessed, however, it is not structured in a way that would make finding information about any individual easy and it is important to note that there is no evidence of further misuse of any clients’ data at this time.

It is very early in this process, but please be assured that we, in Alcohol Forum Ireland have you, our client’s best interest at the forefront as we respond to this issue. We apologise for any & all inconvenience caused. 

FAQ Questions and Answers from Evide

Please see below FAQ’s and responses which have been prepared by Evide, our IT service provider whose system was subject to a cyber security attack.    

What happened?

On 29 March 2023, Evide became aware of an incident whereby unusual traffic was detected on its network. Evide’s clients informed us that there was a message on our database that the server could not be found. Initial investigations found that our databases had been deleted. Upon discovery of
the suspicious activity, the affected servers and systems were immediately taken offline. We have been informed by the cyber-security specialists that in the course of the cyber security incident an unauthorised third party gained access to our IT systems. The unauthorised party has since made direct contact with us and provided some evidence that it has exfiltrated our clients’ data. Whilst we cannot guarantee that all client data has been exfiltrated at this stage, we are operating on the assumption that all of our clients’ data has been exfiltrated from our systems.

Evide immediately engaged the services of experienced cyber-security specialists to contain the issue, assist with its recovery efforts, and conduct a thorough investigation. Evide’s cyber-security specialists helped to restore its systems securely and mitigate the impact as far as possible.  Evide has provided notifications to its relevant stakeholders and clients and also notified the relevant authorities, including the Police Service of Northern Ireland who notified An Garda Síochána. The incident is now subject to a criminal investigation.

With the help of external cyber-security specialists, Evide has been monitoring for any evidence of references to the incident emerging on the part of the internet that is not accessed through normal search engines, which is commonly known as the dark web. Evide is not aware that any personal data has been posted on the dark web.

When was the incident discovered?

Evide became aware of IT disruption on 29 March 2023. Upon discovery, Evide immediately engaged the services of experienced cyber-security specialists to contain the issue, assist with its recovery efforts and conduct a thorough investigation, which is still underway.

What data has been affected?

The unauthorised party has made direct contact with us and provided some evidence that it has exfiltrated our clients’ data. Whilst we cannot guarantee that all client data has been exfiltrated at this stage, we are operating on the assumption that all of our clients’ data has been exfiltrated from our systems.

What kind of information was exposed in this event?

Whilst we cannot guarantee that all client data has been exfiltrated at this stage, we are operating on the assumption that all of our clients’ data has been exfiltrated from our systems. Our clients are charities and non-profit organisations and the categories of data will vary on a client by client basis.

The data is patchy in nature rather than comprising all of the data held relating to any one person.

The data in question was not structured in a way that would make finding specific information about an individual easy, and it’s important to note that we have no evidence of further misuse of our clients’ data.

Is this a ransomware attack?

No the data was not encrypted from our systems. In this case, the unauthorised third party gained access to our systems and stole our database and then deleted it from our servers. The unauthorised third party have requested a ransom payment from us in relation to the stolen data.

Would you consider paying the ransom amount?

No. We have carefully considered the impact of the data being published and determined that we would be supporting a criminal organisation if we were to pay the ransom amount.

Why does Evide hold this type of information?

Evide help charities and non-profits manage their data and measure their impact. The charities and non-profits use this data to monitor & evaluate their projects and report to funders.

How did the cyber criminals access the systems?

Our investigation has not conclusively identified this. We are conducting a thorough investigation and are working extremely hard to identify how the threat actors gained access to our systems.

Why has it taken so long to notify me?

Despite the best efforts of a team of external experts, investigating a cyber-security incident is exceedingly complex and takes significant time. As is standard practice in these situations, Evide have waited until it has a fuller understanding of the incident before communicating with those who may be affected. Evide has also, at all times, kept the Police Service of Northern Ireland/An Garda Síochána updated with the approach it is taking.

Are the systems now secure?

Evide has installed sophisticated software to monitor the system and confirm that nothing of concern has been detected to date.

Based on the above steps Evide’s and its forensic IT investigators have confirmed that, while absolute guarantees can never be given, they are as sure as they can be that the systems are now secure.

Who and what has been affected by the incident?

Evide have notified all clients who may be affected by the incident. The data in question was not structured in a way that would make finding specific information about an individual easy, and it’s important to note that we have no evidence of further misuse of our clients’ data.

The incident also does not relate to all data held relating to an individual. However, because some personal data relating to DYS has been exfiltrated from our system, Evide have notified us of this matter.

There has been no material disruption to Evide’s supply of services to any clients.

Who else has been notified? Have you told the police?

Evide has informed the Police Service of Northern Ireland who notified An Garda Síochána, the National Crime Agency and other Law Enforcement agencies within the UK.

What other actions are they taking?

Evide’s team responded promptly and effectively to the situation and have been working around the clock to address the issue and minimise disruption.

Evide have been in touch with the relevant authorities and immediately engaged specialist external industry experts to assist with its investigation and efforts to restore its systems.

We are pleased to say that, whilst absolute guarantees can never be given, Evide’s systems have been fully and safely restored and Evide is fully operational again.

Lessons learned from the incident will be reviewed to identify any improvements which should beimplemented to prevent recurrence of the incident.

Should I be worried about my clients’ personal details?

Whilst we cannot say for certain, we are operating on the basis that all of our data has been taken.

However, there is no evidence of any further misuse of our data but it is possible that some personal data relating to you could become visible to third parties.

While in no way wishing to downplay the incident, the context of the incident is relevant. The third party was seeking to extort money from Evide. As part of this they exfiltrated some data. The data which has been exfiltrated is of little monetary value to the third party.

The data exfiltrated is not structured in a way that would make finding information about any individual easy. In all likelihood, a search would be needed to find the data set and then a search within the dataset to find relevant information.

Is there any further action I need to take to protect my data?

You may choose to take the following steps in relation to your data:

  • Be aware of suspicious emails and texts from unknown or untrusted senders, and never send money
  • to someone you don’t know via email or text.
  • Do not open any attachments or click on links from unknown senders.
  • Double check the email addresses from senders that present themselves as a bank or other recognised institution. Look out for a sender’s email address that is similar to, but not the same as their bank or card supplier’s. If in doubt, delete the email.
  • Regularly review your bank account statements for any suspicious activity, and immediately alert your bank if you notice anything that looks unusual.
  • Remove your name from direct marketing lists and contact your telephone service provider in relation to amending your directory listing in the National Directory Database (NDD) in order to reduce the number of marketing offers you receive.
  • Further helpful advice on protecting yourself from fraud can be found on an Garda Síochána’s website (https://www.garda.ie/en/crime/fraud/).

Has any data been taken?

Whilst we cannot say for certain, we are operating on the basis that all of our data has been taken.

However, there is no evidence of any further misuse of data. It is possible that some personal data relating to you could become visible to third parties. We are monitoring this through external experts.

While in no way wishing to downplay the incident the context of the incident is relevant. The third party was seeking to extort money from Evide. As part of this they exfiltrated some data. The data copied is of little monetary value to the third party other than to hold to ransom. The data exfiltrated is not structured in a way that would make finding information about any individual easy. In all likelihood a search would be needed to find the data set and then a search  within the dataset to find relevant information.

Contact Alcohol Forum Ireland

If you have any concerns or questions, please call Alcohol Forum Ireland 074 9125596 to speak to a member of staff.

Scroll to Top