Charity data stolen in ransomware attack on supplier

A number of charities in Ireland and the UK have had their data compromised following a ransomware attack on an IT supplier

Alex Scroxton

By

Published: 17 Apr 2023 13:00

The Police Service of Northern Ireland (PSNI) and Ireland’s An Garda Síochána are probing a series of data breaches at several charities working with vulnerable individuals, including victims child sexual abuse, after their data was compromised in a cyber attack on an IT supplier.

The supplier, Derry-Londonderry-based Evide, is a data management services firm specialising in third-sector organisations. Its Impact Tracker platform is used by charities across in Ireland and the UK to manage campaign data and outcomes.

It is understood it was targeted by an as-yet undisclosed ransomware operator in March 2023. According to RTÉ, its attackers have demanded a ransom, but Evide has not paid.

In a statement, Evide said: “We recently became aware of an incident when unusual traffic was detected on our network. As soon as we became aware that a third party had accessed our systems we immediately contacted the PSNI and engaged the services of experienced cyber security specialists to assist us to contain the issue, support recovery efforts, and conduct a thorough investigation.

“We have provided notifications to all relevant stakeholders and clients and also notified the relevant authorities, including the Police Service of Northern Ireland who notified An Garda Síochána. The incident is now also subject to a criminal investigation.”

Two of the charities known to have been hit are Dublin-based One in Four, which works with adult survivors of child sexual abuse, and Belfast-based Orchardville, which supports adults with autism and learning disabilities.

One in Four said it learned of the breach on 5 April when it was notified in the course of Evide’s investigation.

“We now know that the personal information of people who have used our service has been accessed,” the organisation said in a statement.

“We have begun contacting individual clients directly to advise them of the incident and to address any concerns they may have. We have taken this approach to allow us to provide proper supports to clients who may find this incident distressing. Our priority at all times is to the welfare and wellbeing of our clients.”

Speaking to RTÉ, the charity’s CEO Maeve Lewis said she was unsure what data had been stolen, but that it did likely include personal information.

Orchardville, meanwhile, said it was also working to establish what data had been compromised and has warned service users to be on the alert for suspicious contacts.

“It’s reprehensible but attacks like this against some of the most vulnerable are popular with certain cyber criminals,” said Comparitech security specialist Brian Higgins.

“The instinctive reaction of victim organisations will always be to do their utmost to protect those they are charged with helping and this can often be exploited as a motivation to pay a ransom quickly rather than risk any further harm.

“It appears that Evide, its affected clients, and PSNI, have a comprehensive incident response plan in action and are doing their utmost to see out this despicable attack in the recommended fashion.

“Their comms strategy is very clear and anyone who thinks they may be affected or know somebody who is a client of any of the listed victim organisations should follow the advice issued by PSNI and report any unsolicited messages about the attack. Never engage or reply. Only report and delete,” he added.

Risk to charities

Charities are considered particularly at risk from cyber security incidents of this type for two main reasons.

The first is because of the wealth of immensely valuable personal data that they hold. By its nature, said data frequently falls under the umbrella term of special category data under the UK and European Union (EU) GDPR – which includes information on ethnic and racial background, political opinions, philosophical and religious believes, trade union membership, genetic data, biometric data, health data, and data on an individual’s sex life, sexual orientation and gender identity.

The second reason is that charities are frequently small, under-resourced organisations that may be reluctant to spend their limited funds on appropriate cyber security controls, often rely on bring-your-own-device policies, and have a high number of casual workers and volunteers who may lack basic cyber awareness and training.

Writing in Computer Weekly in February 2023, Rob Shapland, an ethical hacker and head of cyber innovation at Falanx Cyber, and Adam Monks, chief executive of third-sector specialist MSP Smartdesc set out three steps that charities can take to help mitigate the risk of falling victim to a cyber attack. These are:

  1. To outsource and invest in a virtual chief information security officer (vCISO) service;
  2. To consider investing in managed detection and response (MDR) services;
  3. And to use third-party penetration testing and ethical hacking services if possible.

“Charities are on cyber criminals’ radars, even the large, well-known charities are vulnerable. The impact of a large-scale attack can be devastating– particularly the downtime and damage to the brand and supporter trust,” they wrote.

“The investment of time and money into the right cyber security strategy and services, from specialists that understand the challenges of the sector, will always outweigh the long – and reputationally damaging – road to recovery from a successful attack.”

Popular support package

Meanwhile, in January of this year, the UK’s National Cyber Security Centre (NCSC) launched a package of support measures for charity organisations working with vulnerable groups – including children, domestic violence survivors, and refugees.

Delivered alongside the IASME cyber assurance consortium, charities that successfully applied for the Funded Cyber Essentials scheme are to receive 20 hours of free support from an accredited Cyber Essentials assessor to help them implement the five core pillars – firewalls, secure settings, access controls, malware and software updates – that open up the NCSC’s Cyber Essentials Plus certification.

The offer proved so popular that the NCSC and IASME have since had to close applications.

Read more on Data breach incident management and recovery

Read More
Lloyd Stoval

Latest

Bitcoin reclaiming its $69,000 holder cost basis could open XRP’s path to $1.26

Bitcoin’s move toward $69,000 would put XRP near $1.20, with renewed strength against BTC opening a path toward $1.26. Jul. 17, 2026 at 11:35 am GMT 3 min read Glassnode says Bitcoin’s $69,000 short-term holder cost basis is the next recovery test for the market and XRP. If Bitcoin reclaims it, XRP could hold near

Grant Cardone Stacks Another 10.5 Bitcoin From July Rent Cash Flow, Keeping Holdings Above 2,700 BTC

Real estate mogul Grant Cardone said Cardone Capital added another 10.5 BTC from July property cash flow, bringing his total keep somewhere around 2,700 BTC. Key Takeaways Cardone Capital added 10.5 BTC from July real estate cash flow, bringing total to more than 2,700 BTC. Grant Cardone targets 3,000 BTC in 2026 and 10,000 BTC

Morgan Stanley Completes E*Trade Crypto Rollout With 50 Basis Point Fees: Here’s What Clients Get

Morgan Stanley’s E*Trade finished rolling out spot bitcoin, ether and solana trading to U.S. clients on July 16, undercutting rivals with a 50-basis-point fee as Wall Street’s crypto race accelerates. Key Takeaways E*Trade now offers spot BTC, ETH and SOL trading 24/7, with Zerohash handling custody and settlement. Morgan Stanley’s 50-basis-point fee undercuts Coinbase and

Glassnode: Bitcoin Tests Key Resistance as Macro Narrative Evolves 

Bitcoin reacted more strongly than major equity markets to softer US inflation, highlighting a growing sensitivity to macro liquidity conditions. On-chain data suggests selling pressure from long-term holders is easing while buyers absorbed much of June’s decline. The short-term holder cost basis near US$69,000 (AU$100,050) is emerging as the next major resistance, with stronger spot

Newsletter

Don't miss

Bitcoin reclaiming its $69,000 holder cost basis could open XRP’s path to $1.26

Bitcoin’s move toward $69,000 would put XRP near $1.20, with renewed strength against BTC opening a path toward $1.26. Jul. 17, 2026 at 11:35 am GMT 3 min read Glassnode says Bitcoin’s $69,000 short-term holder cost basis is the next recovery test for the market and XRP. If Bitcoin reclaims it, XRP could hold near

Grant Cardone Stacks Another 10.5 Bitcoin From July Rent Cash Flow, Keeping Holdings Above 2,700 BTC

Real estate mogul Grant Cardone said Cardone Capital added another 10.5 BTC from July property cash flow, bringing his total keep somewhere around 2,700 BTC. Key Takeaways Cardone Capital added 10.5 BTC from July real estate cash flow, bringing total to more than 2,700 BTC. Grant Cardone targets 3,000 BTC in 2026 and 10,000 BTC

Morgan Stanley Completes E*Trade Crypto Rollout With 50 Basis Point Fees: Here’s What Clients Get

Morgan Stanley’s E*Trade finished rolling out spot bitcoin, ether and solana trading to U.S. clients on July 16, undercutting rivals with a 50-basis-point fee as Wall Street’s crypto race accelerates. Key Takeaways E*Trade now offers spot BTC, ETH and SOL trading 24/7, with Zerohash handling custody and settlement. Morgan Stanley’s 50-basis-point fee undercuts Coinbase and

Glassnode: Bitcoin Tests Key Resistance as Macro Narrative Evolves 

Bitcoin reacted more strongly than major equity markets to softer US inflation, highlighting a growing sensitivity to macro liquidity conditions. On-chain data suggests selling pressure from long-term holders is easing while buyers absorbed much of June’s decline. The short-term holder cost basis near US$69,000 (AU$100,050) is emerging as the next major resistance, with stronger spot

Crypto.com Secures $400M Investment From Citadel Securities at $20B Valuation

Global market maker Citadel Securities has invested $400 million in crypto exchange Crypto.com, giving the platform a $20 billion valuation, according to a Thursday announcement.  Crypto.com, which has a number of digital asset products, said the cash would help the Singapore-based company expand its services to assets such as blockchain-based securities and derivatives.  The cash

Grey Business processes $61 million as stablecoins dominate payments

Grey Business enables startups and SMEs to open US Dollar (USD) corporate accounts, send and receive international payments, convert currencies, and transact using stablecoins such as USDC and USDT...

Utah Marketers to Host Free Business Networking Event in Layton on June 24

The custom web design company is hosting free monthly networking events for Northern Utah business leaders, with the next event scheduled for June 24 from 4 to 6 p.m. Utah Marketers is hosting a free local business networking event on June 24 from 4 to 6 p.m. at the company’s Layton office. The event is

WellnessVibe Announces Business DNA Workshop in Delhi and Mumbai, where Ancient Sound Wisdom Meets Modern Business Strategy

WellnessVibe has officially announced the launch of its transformative Business DNA Workshop on 7th June 2026 in Delhi and 20th June 2026 in Mumbai. (1888PressRelease) June 03, 2026 - Delhi/Mumbai, India - WellnessVibe has officially announced the launch of its transformative Business DNA Workshop on 7th June 2026 in Delhi and 20th June 2026 in