Evide data breach

Last updated June 10, 2024

The Evide data breach was a data breach caused by ransomware in Northern Ireland.^[1]^[2]^[3]^[4]^[5]^[6]

Evide

Evide is a company based in Derry which specialises in data storage and analysis for charities.^[2] Evide manages data for around 140 organisations.^[2] At least four of the affected organisations deal with survivors of rape or sexual abuse.^[6]

Events

Breach

The Police Service of Northern Ireland has confirmed that it was contacted in March about a cyber attack and it was investigating.^[3] Gardaí are cooperating with them, including the Garda National Cyber Crime Bureau.^[3]

The charity One in Four was told of the breach on 5 April 2023.^[2]

Disclosure

The news of the breach was made public on 17 April 2023.^[1]^[2]^[3]^[4]^[5]^[6]^[7]

Impact

A number of organisations were affected, including the Dublin-based charity One in Four, which supports adult survivors of child sexual abuse. Maeve Lewis, CEO of One in Four, told RTÉ News that personal data, including phone numbers and email addresses had been stolen. However, letters and reports to child protection services were not taken. About 1000 people who had been engaged with One in Four might be affected. One in Four contacted Evide to ask them to take legal action against the attackers as One in Four was not directly attacked.^[1]^[2]^[3]^[4]^[5]

Orchardville, an organisation based in Northern Ireland, said that it was not sure if any of its data was affected.^[3]^[4]

Charities affected could be investigated by the Data Protection Commissioner.^[2]

Reactions

Ossian Smyth said the investigation was in early stages and urged caution as some stories circulating may not be true.^[1]

Related Research Articles

Extortion is the practice of obtaining benefit through coercion. In most jurisdictions it is likely to constitute a criminal offence; the bulk of this article deals with such cases. Robbery is the simplest and most common form of extortion, although making unfounded threats in order to obtain an unfair business advantage is also a form of extortion.

Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

MOVEit is a managed file transfer software product produced by Ipswitch, Inc.. MOVEit encrypts files and uses file transfer protocols such as FTP(S) or SFTP to transfer data, as well as providing automation services, analytics and failover options. The software has been used in the healthcare industry by companies such as Rochester Hospital and Medibank, as well as thousands of IT departments in high technology, government, and financial service companies like Zellis.

REvil was a Russia-based or Russian-speaking private ransomware-as-a-service (RaaS) operation. After an attack, REvil would threaten to publish the information on their page Happy Blog unless the ransom was received. In a high profile case, REvil attacked a supplier of the tech giant Apple and stole confidential schematics of their upcoming products. In January 2022, the Russian Federal Security Service said they had dismantled REvil and charged several of its members.

Vastaamo was a Finnish private psychotherapy service provider founded in 2008. On 21 October 2020, Vastaamo announced that its patient database had been hacked. Private information obtained by the perpetrators was used in an attempt to extort Vastaamo and, later, its clients. The extorters demanded 40 bitcoins, roughly worth 450,000 euros at the time, and threatened to publish the records if the ransom was not paid. To add pressure to their demands, the extorters published hundreds of patient records a day on a Tor message board.

Emsisoft Ltd. is a New Zealand-based anti-virus software distributed company. They are notable for decrypting ransomware attacks to restore data.

A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).

On 14 May 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down.

Conti is malware developed and first used by the Russia-based hacking group "Wizard Spider" in December, 2019. It has since become a full-fledged ransomware-as-a-service (RaaS) operation used by numerous threat actor groups to conduct ransomware attacks.

Beginning on the night (UTC-6:00) of April 17, 2022, a ransomware attack began against nearly 30 institutions of the government of Costa Rica, including its Ministry of Finance, the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the National Meteorological Institute, state internet service provider RACSA, the Costa Rican Social Security Fund, the Ministry of Labor and Social Security, the Fund for Social Development and Family Allowances, and the Administrative Board of the Municipal Electricity Service of Cartago.

In early February 2023, Munster Technological University suffered a ransomware cyberattack which caused the cancellation of all full and part-time classes affecting the Bishopstown campus, as well as Crawford College of Art and Design, Cork School of Music and National Maritime College of Ireland in Ringaskiddy.

In September 2022, Australian telecommunications company Optus suffered a data breach that affected up to 10 million current and former customers comprising a third of Australia's population. Information was illegally obtained, including names, dates of birth, home addresses, telephone numbers, email contacts, and numbers of passports and driving licences. Conflicting claims about how the breach happened were made; Optus presented it as a complicated attack on its systems while an Optus insider and the Australian Government said a human error caused a vulnerability in the company's API. A ransom notice asking for A$1,500,000 to stop the data from being sold online was issued. After a few hours, the data thieves deleted the ransom notice and apologised for their actions.

Play is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States, Brazil, Argentina, Germany, Belgium and Switzerland.

Clop is a cybercriminal organization known for its multilevel extortion techniques and global malware distribution. It has extorted more than $500 million in ransom payments, targeting major organizations worldwide. Clop gained notoriety in 2019 and has since conducted high-profile attacks, using large-scale phishing campaigns and sophisticated malware to infiltrate networks and demand ransom, threatening to expose data if demands are not met.

BlackCat, also known as ALPHV and Noberus, is a ransomware family written in Rust. It made its first appearance in November 2021. By extension, it is also the name of the threat actor(s) who exploit it.

References

1 2 3 4 Clarke, Vivienne; Sheehy, Mairead (2023-04-17). "Abuse victims warned over 'dodgy emails' following ransomware attack". Irish Examiner . Retrieved 2023-04-18.
1 2 3 4 5 6 7 Brennan, Cianan (2023-04-17). "Charities for abuse victims may face sanctions over data breach". Irish Examiner . Retrieved 2023-04-18.
1 2 3 4 5 6 "Cyber attack: Data from charities stolen in ransomware attack". BBC News. 2023-04-17. Retrieved 2023-04-18.
1 2 3 4 Boland, Lauren (2023-04-17). "Investigation underway into cyber attack affecting charities for sexual assault survivors". TheJournal.ie . Retrieved 2023-04-18.
1 2 3 McGreevy, Ronan; Clarke, Vivienne (2023-04-17). "Sex abuse survivors' charity One in Four victim of data breach". Irish Times . Retrieved 2023-04-18.
1 2 3 Reynolds, Paul (2023-04-17). "Abuse victims' data stolen in ransomware attack" . Retrieved 2023-04-18.
↑ Jordan, Jeff. "Data breach investigation" . Retrieved 17 June 2023.

External links

Evide - home page of the targeted company

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[ie-abuse-victims-warned-over-dodgy-emails-1] 1 2 3 4 Clarke, Vivienne; Sheehy, Mairead (2023-04-17). "Abuse victims warned over 'dodgy emails' following ransomware attack". Irish Examiner . Retrieved 2023-04-18.

[ie-charities-for-abuse-victims-may-face-sanctions-2] 1 2 3 4 5 6 7 Brennan, Cianan (2023-04-17). "Charities for abuse victims may face sanctions over data breach". Irish Examiner . Retrieved 2023-04-18.

[bbc-cyber-attack-data-from-charities-stolen-3] 1 2 3 4 5 6 "Cyber attack: Data from charities stolen in ransomware attack". BBC News. 2023-04-17. Retrieved 2023-04-18.

[tj-investigation-underway-into-cyber-attack-4] 1 2 3 4 Boland, Lauren (2023-04-17). "Investigation underway into cyber attack affecting charities for sexual assault survivors". TheJournal.ie . Retrieved 2023-04-18.

[it-sex-abuse-survivors-charity-one-in-four-victim-of-data-breach-5] 1 2 3 McGreevy, Ronan; Clarke, Vivienne (2023-04-17). "Sex abuse survivors' charity One in Four victim of data breach". Irish Times . Retrieved 2023-04-18.

[rte-abuse-victims-data-stolen-6] 1 2 3 Reynolds, Paul (2023-04-17). "Abuse victims' data stolen in ransomware attack" . Retrieved 2023-04-18.

[7] Jordan, Jeff. "Data breach investigation" . Retrieved 17 June 2023.

[1]

[2]

[3]

[4]

[5]

[6]

[7]