Nine organisations based in the Republic of Ireland have had their data stolen following a ransomware attack on a company in Northern Ireland.
At least four of the organisations deal with victims and survivors of rape and sexual abuse.
The company, Evide, which is based in Derry and manages data for around 140 charities and non-profit organisations in Ireland, Northern Ireland and the UK, was targeted by cyber criminals last month.
A spokesperson for Evide confirmed last night that as soon as it became aware that its systems had been accessed, it contacted the police and engaged cyber security specialists to help it contain the issue and support recovery efforts.
None of the material stolen, which is described as "highly sensitive and personal information", has so far been published on the ‘Darknet’ or other online forums.
RTÉ News understands that a ransom has been sought but none has been paid.
The four organisations are in Dublin and the south of the country and include One in Four, which helps adults who have experienced childhood sexual abuse, their families, and those who have engaged in harmful sexual behaviour.
One in Four said it has so far contacted around 500 people whose personal information may have been stolen. It has also set up a helpline for victims, which will operate from today.
CEO Maeve Lewis has asked people with concerns to go to their website for information on the helpline and other supports.
Speaking on RTÉ's Morning Ireland, Ms Lewis said One in Four is not fully sure what data has been stolen.
"The data which was stolen included personal information. There would also have been short records of people's engagement in our services - that is stored separately.
"So we really don't know what the situation is with that data. We do know that any attachments, any letters, any reports for example, to child protection services, they have not been accessed."
Ms Lewis said the most valuable information that has been accessed is personal data, which can be very valuable to hackers.
"We were told by the cybersecurity experts that that data is very valuable because it can be sold to people who then go on to commit or try to commit fraud, by for example, getting bank account details or...other personal data," she said.
It is believed around 2,000 victims, survivors and suspected perpetrators may have been affected in Ireland, along with other organisations and individuals in Northern Ireland and the UK.
Evide said it became aware of the security breach when unusual traffic was detected on its network late last month and discovered its systems had been compromised.
It contacted the PSNI, which has commenced a criminal investigation.
Police in Derry confirmed that they had received a report of a cyber incident from a local business on 30 March.
The attack is being investigated by specialist detectives from the PSNI Cyber Crime Investigation team.
Gardaí say they are assisting the PSNI in its investigation and the National Cyber Crime Bureau has been providing advice to a number of companies.
The Data Protection Commissioner has also confirmed that it has received a number of data breach notifications.
In a statement to RTÉ News, a spokesperson for Evide said: "We recently became aware of an incident when unusual traffic was detected on our network.
"As soon as we became aware that a third party had accessed our systems we immediately contacted the PSNI and engaged the services of experienced cyber-security specialists to assist us to contain the issue, support recovery efforts, and conduct a thorough investigation.
"We have provided notifications to all relevant stakeholders and clients and also notified the relevant authorities, including the Police Service of Northern Ireland who notified An Garda Síochána. The incident is now also subject to a criminal investigation."
The Executive Director of the Rape Crisis Network of Ireland has said the majority of rape crisis services were not affected by the ransomware attack.
Clíona Saidléar said it is their understanding that the small number of services that were affected have already contacted their clients or will do so within the next 24 hours.
Ms Saidléar advised rape crisis service users that if they have not already been contacted, they can presume that they are not affected, but she said that anyone with concerns should contact its rape crisis service.
Minister for Justice Simon Harris has urged people to be extra vigilant around "peculiar emails" and said that a number of the organisations impacted by the attack are likely to seek injunctions.
He described it as an attack on vulnerable people who have already experienced the most heinous crime.
Money main driver behind hack - expert
Minister of State Ossian Smyth, who has responsibility for cyber security, told RTÉ's News at One that in this case, and increasingly in cyber attacks, it is the supplier to a company that is less well known that will be attacked.
He asked people to be cautious of people sending an email or text claiming to be from an organisation saying they want a credit card number.
A cyber security expert has said service providers are being targeted by hackers as they have multiple customers who may pressure the victim company to pay any ransom.
Brian Honan, who is a former special adviser to Europol, said ultimately cyber attackers are looking for money, as is the case with the targeting of Evide, and hence the demand for a ransom.
Speaking on RTÉ's Morning Ireland, he said: "The goal for the criminals is to make money and we are seeing a shift in tactics by cyber criminals towards targeting service providers like this because the criminals believe that there's going to be extra pressure brought to bear by the customers of that service provider for these ransoms to be paid.
"So, it's money is what's the driver behind this."
Mr Honan said that there is a possibility that the hackers would move on to target individuals whose data has been stolen, which did happen in a case in Finland where a private psychiatric clinic was the victim of a ransomware attack.
"At the end of the day, these people are criminals and we need to remember that they are victimising people here.
"And ultimately, as I said, their goal is to make money and they will stoop to any depths to do that," he said.
Mr Honan said that by targeting a company, in what is called a supply chain attack, the hackers feel they have more scope as more pressure will come to bear on the victim organisation.
He said: "Therefore, the pressure is not just on the company themselves from their own internal management team as to how to respond and how to deal with the attack.
"But also from the victim company's customers as well because they're secondary victims in the attack and they obviously will be anxious, just like One in Four have been, are anxious to look after their clients."
Additional reporting Brian O'Donovan, Mícheál Lehane