Council made aware of cyber-security attack on third-party Company
18th April 2023
Fermanagh and Omagh District Council has been made aware that a third-party company, Evide Impact Limited, who processes data on behalf of the Council has recently been impacted by a cyber-security incident.
The company provides a database system to record the details of participants on the Council’s ASPIRE programme. ASPIRE is a local employability initiative which is delivered in partnership with the Western Health and Social Care Trust, Education Authority (Western Region) and delivery partner Fermanagh Rural Community Initiative. The personal data of some participants may have been impacted.
The Council wishes to stress that none of the Council’s own systems have been affected. The Council is continuing to liaise with the Third-party company, a Cyber-Security Insurance team and the PSNI in relation to the matter to ascertain the extent of the impact, and to mitigate against any further impact.
The Council has reported the matter to the Information Commissioner’s Office and is complying with the associated requirements in this regard. The Council is informing all of those affected by the incident and is providing useful information on steps they may wish to take as a precaution. The Council has also informed the partner organisations.
The Council is also aware, through media reports, that other organisations in the UK and Ireland have been affected and they are also undertaking similar measures.
The external company which was the victim of the cyber attack has been working with cyber-security specialists to restore the system securely. They have advised the Council that they have no evidence of further misuse of the data at this stage.
The Council would recommend that anyone who may have been impacted should:
- Be alert to any suspicious emails or texts and never send money via email or text;
- Not open any attachments or click on any links from unknown senders;
- Double check that the email address is legitimate and is from the sender as they present themselves;
- Regularly review bank statements for any suspicious activity; and
- Remove their name from direct marketing lists.
Further information is also available on the National Cyber Security Centre website (www.ncsc.gov.uk/guidance/data-breaches).