Data stolen during the HSE cyberattack in May included information generated by Tusla.
The Child and Family Agency says there's no indication to date the material has been published online or used for criminal purposes.
A more detailed review of the stolen material is under way and is expected to take up to four months.
In a statement, Tusla's chief executive, Bernard Gloster, says once the review is completed, steps will be taken to communicate with and support any people affected.
Tusla said: "Material which was stolen by the attackers from HSE systems has recently been provided to the HSE by An Garda Siochana. Following preliminary analysis it has now been confirmed that the stolen data also includes information generated by the Child & Family Agency.
"There has been no indication to date that this material has been published online or used for criminal purposes. We have now commenced a more detailed review of the stolen material as the next phase of the investigation."
Bernard Gloster, CEO of Tusla, said: “The review of this stolen data will be thorough and once completed we will take all steps to communicate with and support any people affected, in addition to our regulatory engagement with the DPC.
"It is likely that the review will take up to four months but we cannot be certain at this stage.
"In addition to this investigation we have spent the recent months making major improvements to our systems and a full plan of work is scheduled for 2022.”
