Evide data breach

The Evide data breach was a data breach caused by ransomware in Northern Ireland.

Evide
Evide is a company based in Derry which specialises in data storage and analysis for charities. Evide manages data for around 140 organisations. At least four of the affected organisations deal with survivors of rape or sexual abuse.

Breach
The Police Service of Northern Ireland has confirmed that it was contacted in March about a cyber attack and it was investigating. Gardaí are cooperating with them, including the Garda National Cyber Crime Bureau.

The charity One in Four was told of the breach on 5 April 2023.

Disclosure
The news of the breach was made public on 17 April 2023.

Impact
A number of organisations were affected, including the Dublin-based charity One in Four, which supports adult survivors of child sexual abuse. Maeve Lewis, CEO of One in Four, told RTÉ News that personal data, including phone numbers and email addresses had been stolen. However, letters and reports to child protection services were not taken. About 1000 people who had been engaged with One in Four might be affected. One in Four contacted Evide to ask them to take legal action against the attackers as One in Four was not directly attacked.

Orchardville, an organisation based in Northern Ireland, said that it was not sure if any of its data was affected.

Charities affected could be investigated by the Data Protection Commissioner.

Reactions
Ossian Smyth said the investigation was in early stages and urged caution as some stories circulating may not be true.