Notice of a Data Breach  

This public notice provides important information about a data breach that may have compromised the personal information of some of our current and former employees, students, service users and clients.   

What happened  

On 12 March 2022, Rehab Group was maliciously targeted by a criminal cyber-attack. This was a ransomware attack where criminals hacked our computer systems and encrypted some files, demanding a ransom for the return of our data. Whilst obtaining personal data for the purposes of committing fraud does not appear to have been the primary objective of the hacking, we are informing people who may have been impacted, so they can exercise caution. Rehab Group has not paid any ransom or engaged with these criminals in any manner.   

How individuals might be affected  

The types of personal information that could have been compromised by the ransomware attack may include one or more of the following: personal details (name and contact details, date of birth, PPS number), bank account details, payment details, disability categorisation, next of kin name and contact details.  

There is no evidence of scams related to this cyber-attack or personal information being published online or misused.  External security experts are monitoring places where hackers go to sell this information and no activity relating to the sale or release of Rehab Group data has been observed. Ongoing monitoring will continue.    

How to protect yourself  

It is essential to remain vigilant and watch out for potential scams and requests for information from third parties. The best defence is to stay informed, alert and secure. In particular, always remember the following:  

  • Never respond to an email, text or call asking for your financial, personal or security information  
  • Don’t click on suspicious links or attachments in unsolicited emails or texts  
  • Check your accounts regularly for any unusual activity  

For more information and tips on protecting yourself from online fraud, visit  

Our response to the cyber attack  

We reported the incident to the Data Protection Commission (DPC) as a personal data breach on 15 March 2022, and have been keeping the DPC updated since then. From the outset, we engaged with the Garda National Cyber Crime Bureau and the National Cyber Security Centre.  We engaged specialist forensic IT experts to help identify which data was compromised and who could be impacted.    

The people in our services remain our number one priority and it is important to note that the work of Rehab Group throughout the country has continued without interruption. 

More information  

If this notice applies to you, and you have questions or need more information about the incident, you can contact us at 

Rehab Group sincerely apologises for any concern or inconvenience caused.