The director of the National Cyber Security Centre, Richard Browne, has confirmed that a substantial amount of data has been leaked from Munster Technological University (MTU) following the recent cyberattack.
Mr Browne told RTÉ radio’s Morning Ireland that efforts will now be made to sift through what information has been released so that the proper processes can then be pursued by the DPP.
“Unfortunately, it's a consequence of what happens in these cases.”
Mr Browne explained that a court order was sought last week prohibiting the sharing and release of the material in Ireland. “Very often when this material is released, very little happens with us depending on what it is. And of course we don't know exactly what it is yet.
“Every now and then, people's personal information is used for fraud, it's used for financial crime, it's used for whatever it might be. So the obvious things apply.
“People should keep an eye on their financial details. They should be careful, particularly of any phishing emails or any scams as they would in any case, but particularly in this case.”
Mr Browne said that very often the information that is held in universities and other institutions is not particularly damaging. “It might be your name and your address, but that kind of information is readily obtainable online in lots of cases anyway.”
It was important that people do not download, share or reshare information that was stolen. “The attackers have done what they're going to do. This is an extremely prolific group and their leak site has over 250 victims.
“This group has only been active for less than two years. This gives you an idea of the scale of operation you're dealing with here. They will just dump this debt and walk away from them, this attack is over. They've lost essentially.
“They have spent their money and have got nothing back from it. They're done. And the question for us now is how do we limit the damage of that data being out there in the world? And one of the things that the victim can do in these cases is a court order like this.”
Mr Browne said that the majority of such attacks were preventable, but that cyber crime groups like BLACKCAT use a variety of tools to break into systems. “They use vulnerabilities. So for larger organisations, they need to be very much on top of their patching and their vulnerability management, because sooner or later, the gaze of a group like BLACKCAT will turn to you and it'll just be your turn.
“So managing vulnerabilities is a huge challenge and we can do an awful lot at national level to help with that. And we do a lot of work already and we have legislation and further measures coming in the context of the mid-term review of the National Cyber Security Strategy, which will help with that as well.
“There are things individual organisations can do, there are things individuals can do, and there's things we can do at a national level to help this process as well. This is about the world as a whole dealing with it.
“Working together across governments, particularly chasing down the money, is a really, really valuable tool.”
