Meath County Council confirms attempted cyber attack

‘Sophisticated’ attempt made to steal over €4 million in October

Meath County Council has confirmed it was the target of an attempted cyber crime. In a statement on Saturday the council said a sophisticated attempt had been made to steal just over €4 million.

“Meath County Council was recently the target of a serious, attempted cyber enabled offence involving identity theft,” it said.

"The sophisticated attempt to steal €4.309 million was detected before the transaction was completed. The council's bank was alerted and the matter was reported to the gardaí who provided assistance through the Financial Intelligence Unit in the National Economic Crime Bureau and through Interpol.

"The funds have been secured and the matter is now the subject of criminal investigations and legal proceedings in Ireland and abroad. In light of the ongoing investigations, the Council has been advised to make no further comment on the matter at this time."


It is understood the € 4.3 million was stolen in the cyber attack from Meath County Council’s bank accounts almost two months ago on the October bank holiday weekend.

It was however intercepted by the National Economic Crime Bureau and the funds are now frozen in a bank in Hong Kong, pending their return to the council.

RTÉ reported that one of the lines of inquiry gardaí are considering is a so-called CEO fraud, where cyber criminals contact a junior member of staff pretending to be the chief executive and seeking a funds transfer.

Fianna Fáil councillor Wayne Harding described the attack as a “modern day bank robbery”.

Meath East Fianna Fáil TD Thomas Byrne said he would be seeking assurances that cyber security procedures within Meath County Council were at their highest possible level

He also called on other local authorities across the State to examine their own internal cyber security procedures to ensure they do not fall victim to a similar attack.

“I will also be looking for assurances that vital public services are not at risk, either temporarily or permanently, as a result of this attempted theft,” he said.

He described the attempted theft as “a disgraceful act” and said “I hope the perpetrators are identified and brought before the courts to account for their actions”

Meath County Councillor Sean Drew said “it’s important that any potential security issues are identified and action taken to rectify them. We must be vigilant to prevent a similar theft from being carried out in the future.”

The Fianna Fáil councillor who is a member of the council’s audit committee said he would be seeking a full review of the local authority’s own internal controls and security measures.

“This attempted theft is shocking. We are lucky that the suspicious activity was identified and acted upon by An Garda Síochána. The detection and prevention of the attempted theft will allow for a full international criminal investigation to take place.”

A recent PwC report found the rate of cyber crime in Ireland has almost doubled since 201 and is substantially higher than global averages.

Last month a former US Homeland Security expert described Ireland as a soft target for a cyber attack and said that the issue needed to be treated almost as a public health issue.

Executive director of the the Center for Long-Term Cybersecurity in Berkeley, California Betsey Cooper said a major misconception among companies and employees is that IT departments are responsible for protecting against hacking.

The reality, however, is that even if you have the most secure system in place, the weakest link in the cyber security chain is typically human.

Speaking at a conference in Dublin on cyber security Ms Cooper said “the real focus is to get people to realise that [cyber security] is an important issue and plug those holes so that no actor can get in”.

“Hackers are getting more sophisticated, and that is enabling them to make more progress,” Ms Cooper said.

She cited the example of an increase in targeted attacks, where hackers send emails tailored to specific individuals, rather than spamming thousands of people with the same email in the hopes that someone will click on a malicious link.