Ransomware attack on IT supplier affects charities’ data
April 2023 by Andy Hornegold, Product Lead at Intruder
After therecent news of several charities in Ireland and the UK having their data compromised in a ransomware attack on an IT supplier, which is deeply concerning for the affected organisations – some of whom hold the data of vulnerable people such as victims of sexual crimes.
In light of this incident, the comment from Andy Hornegold, Product Lead at vulnerability management firm, Intruder,
“Based on the information that is currently available, it sounds Evide has done what’s generally considered right in this situation. It has contacted law enforcement and already reached out to stakeholders and customers. It has also stated that it is going through its incident response process. We’ll need time and more information before we can take away any real insights into this breach.
“At this point I don’t think we can say whether the provider was specifically targeted or just a victim of an opportunistic attack. Either way, we’re continuing to see that there’s little to no restraint on the part of these operators, they’ll target who they can and try to get that payout regardless of who is impacted. Previously we’ve seen national health services hit (during a global pandemic), schools’ and children’s information hit, and now charities supporting vulnerable people - I’m not sure anyone is surprised at this point, but we can all agree it’s reprehensible.
“When looking to protect yourself, there is a lot of help available for organisations of all sizes from the likes of NCSC and private sector. We’ve seen people mentioning the assistance provided by the Cyber Essentials scheme with regard to the charity sector. I think it’s worth highlighting that the scheme does a lot of good, but it really is just the essentials for cyber security - you need to continue to build on those essentials to ensure you can weather an attack like this.”