When we told you that Rehab Group was the victim of a cyber-attack, we had already put in place a team to manage what we needed to do.
We then asked experts to complete a detailed investigation and to help us to understand what had happened. This has now taken place and we can now write to anyone whose data we think might be at risk.
While we cannot be sure anyone’s personal information was actually taken, we are telling people so that, if they think it relates to them, they can take precautions to protect themselves from the potential risk of identity theft or fraud.
No demands have been received.
Rehab Group did not pay any ransom or engage with these criminals.
At this point we cannot examine the information taken any further. We do know some personal information of our current and former students/service users was held in the systems accessed by the hackers and therefore there is a risk that this information was taken.
To date we have not found any evidence of Rehab Group data being sold, used inappropriately or made available by the attackers. Experts continue to watch websites used by criminals to check for anything that involves information stolen in the cyber-attack.
If we become aware of this, we will tell the Gardaí National Cyber Crime Bureau.
We reported the incident to the Data Protection Commissioner and we continue to keep them informed.
Yes, as this is a criminal attack, the Gardaí were notified immediately.
We have undertaken detailed work to further secure our systems. We have updated our protection and have a number of inbuilt alerts in case other people try to access our systems.