Tusla set to contact people in Kilkenny whose data was compromised in cyberattack

Tusla is to begin contacting around 20,000 people, included those impacted from Kilkenny, whose data was compromised in the 2021 HSE cyber attack.

The child and family agency said there was no indication the data had been published online, but they would continue to monitor the situation.

BREAKING: An Bord Pleanála gives the green light for large new hotel in Kilkenny

It said the information of some people using Tusla services and a “small number” of employees was illegally accessed and copied.

This could include HR information such as leave requests, said Kate Duggan, Tusla deputy chief executive and national director of service and integration.

“In relation to members of the public, this is relating to anything from referral letters, to reports, to email correspondence,” she told RTE Radio.

“And when we talk about 20,000 individuals, it may not be, or won’t be a whole file relating to an individual, it may be one document, one letter, one report. But that’s not to say that (it doesn’t) contain very sensitive information.”

Tusla is to begin contacting people whose information was illegally accessed and copied during the cyber attack, a process expected to be completed by November.

Ms Duggan offered an apology to those affected, and said Tusla would continue to monitor the situation with the assistance of cyber-security experts.

“There is also no evidence that any of the Tusla information has been involved in scams or other fraudulent activity,” she said in a statement.

“We sincerely regret the impact this criminal cyber attack has had on people who have been involved with Tusla services, and on our teams across the country, and we will be apologising to each person we write to as part of our notification process.

“We have worked hard to create a process that is transparent, empathetic and supportive for those who have been affected, and we will offer each person we write to the choice to call our dedicated team for support and guidance, or, to meet face-to-face with a case worker, should they wish to do so.

“We acknowledge that it has taken some time for the commencement of this notification programme, however, it was crucial that each record that was affected by the cyber attack was carefully reviewed to identify the people affected. We also have to ensure that letters are being sent to verified addresses.

ALERT: Serious cold snap possible in coming weeks - Kilkenny Live

Take note!

“Notifications will continue over the coming months, and we ask for understanding and patience as we continue to work through this complex process.”

Tusla said in a statement: “Given the nature of the work that Tusla does, in terms of personal social service provision across a range of areas, the types of personal information affected include names, addresses, contact phone numbers, correspondence with service users, various reports, and referrals made to Tusla.

“For staff, information what was affected includes documents such as HR forms submitted in relation to leave and files relating to staff travel expenses. Tusla has considered the individual needs of the people affected by the cyber attack and will take account of these when notifying them.

“All IT systems that support Tusla services were restored by June 30, 2021, and much of Tusla’s IT infrastructure has since completed a migration to Tusla-owned and secured systems, of which cyber-security is a cornerstone.

“Tusla has worked closely with An Garda Siochana, the National Cyber Security Centre, and various other specialist national and international agencies to strengthen our IT security and we continue to assess our systems for vulnerabilities.”

Tusla added that at the start of 2022, a 13 million euro investment in cyber-security infrastructure was made across its device, email, and network security.