MTU has confirmed that data that has been accessed and copied from its systems during last week's cyber attack has been made available on the dark web.
The university will reopen today after its four campuses in Cork last week were closed.
In a statement issued last night, MTU say their forensic experts are continuing to investigate the incident, and will review the nature of the data compromised.
MTU say that they have begun to notify those potentially affected by the release of data, but that it is not possible at this early stage to fully ascertain the exact nature of all the data affected, including personal data, or to identify all the persons involved.
MTU say that students and staff should be vigilant in looking out for potential attacks by SMS or email.
The Data protection commissioner has been informed of this latest development, while MTU say that while they continue with their own investigation they are advising any person potentially affected to follow the advice of the National Cyber Security Centre until they are in a position to provide a further specific update and guidance to affected individuals.
On Friday the university secured an interim High Court injunction to prevent the sale, publication and possession of any data that was stolen when its IT system was hacked on Monday.
The statement from MTU reads:
Today, Sunday 12 February, following careful and ongoing monitoring of this evolving
situation, Munster Technological University (MTU) have received confirmation from our
technical advisors and members of the National Cyber Security Centre who have been
assisting us in relation to this incident that certain data has been accessed and copied from
MTU systems in the course of the ransomware incident and made available on the ‘dark
web’. The Data Protection Commission has been informed of this development.
Our forensic experts are continuing to investigate this incident and will review the nature of
the data compromised. While it is not possible at this early stage to fully ascertain the exact
nature of all data (including personal data) affected or the identity of all persons affected by
this release, we have already commenced the process of notifying those potentially affected
of this development. In the meantime, we advise any person potentially affected by this
incident to follow the advice of the National Cyber Security Centre below while we continue
with our investigation and until we are in a position to provide a further specific update and
guidance to affected individuals in line with our data protection obligations.
As communicated in our update of Saturday 11 February, as part of the range of measures
that are being taken by MTU in response to this incident and to mitigate its effects, we
secured an interim injunction from the High Court in an effort to prevent the sale,
publication, sharing, possession, or any other use of any data illegally obtained from MTU
systems in the course of this ransomware incident. Our forensic advisers will continue to
monitor the internet at this time for evidence that this illegally removed data is being shared
or published and we will work with search engines and social media networks and any other
relevant digital publisher to the extent necessary and so far as is possible to enforce the
injunction and have data removed.
All possible affected persons should be extra vigilant in respect of potential attacks by email
or SMS or other unsolicited communications. Further information and advice on how to spot
and protect yourself against phishing attacks is available from the National Cyber Security
Centre by following these links NCSC: ECSM 2022 Phishing and NCSC_Quick_Guide_Phishing.pdf
We wish to reassure our students, staff and all other persons potentially affected by this
update that we are deploying all available resources with the support of our external
forensic advisers and the National Cyber Security Centre in the investigation and mitigation
of this matter.
