Personal details of up to 30,000 teachers at risk following cyberattack

Irish National Teachers’ Organisation (INTO) says no financial, credit card details compromised

The Irish National Teachers’ Organisation (INTO) has  assured teachers that no financial or credit card details were compromised in a cyberattack on its learning website. Photo: iStock

The Irish National Teachers’ Organisation (INTO) has assured teachers that no financial or credit card details were compromised in a cyberattack on its learning website. Photo: iStock

 

Up to 30,000 teachers have been warned that their personal data may have been compromised after a union website was hacked in recent days.

The Irish National Teachers’ Organisation (INTO) has written to teachers and retired staff who have completed courses on its learning website (intolearning.ie) to warn that its security systems were breached.

However, it has assured individuals that no financial or credit card details were compromised due to the breach.

It said course payments are processed separately via a secure third-party processing facility called Realex.

In addition, it says all passwords were stored in an encrypted format to ensure their security.

The union has emphasised that the INTO’s learning website is separate from its membership database and no information from this was compromised in the attack.

In an email to those affected, INTO assistant general secretary Peter Mullan said individuals’ names, email addresses, city, country, gender and logged information from online courses may have been accessed.

In a limited amount of cases, he said mobile numbers, school roll numbers, roles in school, INTO membership numbers and Teaching Council registration numbers may also have been compromised.

“While we have no evidence to suggest this data was in fact stolen, the data was potentially at risk and thus potentially accessible to the third party behind the breach,” Mr Mullan wrote in an email.

Spam base

He said the initial investigation into the breach had identified the use of the server as a base to send spam messages.

The evidence suggested that this was the primary, if not only goal, of the breach.

“We have taken down the website as a precaution and are awaiting a full report on the attack from the company responsible for the management of the website,” Mr Mullan wrote.

“When the website is back up and running we advise that you change your password as a precautionary measure. We also suggest that you treat any unusual emails or requests for further information with caution.”

He said that while the potential risk posed by this incident was low, the union was treating it very seriously.

“We have informed the Office of the Data Protection Commissioner of the breach and are taking advice and direction from them. We have also notified the gardaí.”

It says its taking immediate steps to investigate breach and to review security on the INTO Learning website.

It is also commissioning a cyber security consultant to determine how the breach occurred and to avoid any reoccurrence in the future.