Evide data breach

In March 2023, a ransomware attack in Northern Ireland caused a data breach at Evide. [1] [2] [3] [4] [5] [6]

Evide

Evide is a company based in Derry which specialises in data storage and analysis for charities. [2] Evide manages data for around 140 organisations. [2] At least four of the affected organisations deal with survivors of rape or sexual abuse. [6]

Events

Breach

The Police Service of Northern Ireland has confirmed that it was contacted in March about a cyber attack and that it was investigating. [3] Gardaí, including the Garda National Cyber Crime Bureau, are cooperating with them. [3]

The charity One in Four was told of the breach on 5 April 2023. [2]

Disclosure

The news of the breach was made public on 17 April 2023. [1] [2] [3] [4] [5] [6]

Impact

A number of organisations were affected, including the Dublin-based charity One in Four, which supports adult survivors of child sexual abuse. Maeve Lewis, CEO of One in Four, told RTÉ News that personal data, including phone numbers and email addresses, had been stolen. However, letters and reports to child protection services were not taken. About 1000 people who had been engaged with One in Four might be affected. One in Four contacted Evide to ask them to take legal action against the attackers as One in Four was not directly attacked. [1] [2] [3] [4] [5]

Orchardville, an organisation based in Northern Ireland, said that it was not sure if any of its data was affected. [3] [4]

Charities affected could be investigated by the Data Protection Commissioner. [2]

Reactions

Ossian Smyth said the investigation was in early stages and urged caution as some stories circulating may not be true. [1]

References

  1. Clarke, Vivienne; Sheehy, Mairead (2023-04-17). "Abuse victims warned over 'dodgy emails' following ransomware attack". Irish Examiner. Retrieved 2023-04-18.
  2. Brennan, Cianan (2023-04-17). "Charities for abuse victims may face sanctions over data breach". Irish Examiner. Retrieved 2023-04-18.
  3. "Cyber attack: Data from charities stolen in ransomware attack". BBC News. 2023-04-17. Retrieved 2023-04-18.
  4. Boland, Lauren (2023-04-17). "Investigation underway into cyber attack affecting charities for sexual assault survivors". TheJournal.ie. Retrieved 2023-04-18.
  5. McGreevy, Ronan; Clarke, Vivienne (2023-04-17). "Sex abuse survivors' charity One in Four victim of data breach". Irish Times. Retrieved 2023-04-18.
  6. Reynolds, Paul (2023-04-17). "Abuse victims' data stolen in ransomware attack". Retrieved 2023-04-18.