Cyber Incident Victim: University of Limerick
Date: Oct 2022
Location: Ireland
Summary
A data breach at the University of Limerick exposed personal email addresses of hundreds of Central Applications Office applicants considering enrollment. The incident involved unauthorized access to sensitive contact information, impacting prospective students and resulting in potential privacy risks. The university reported the security event to the Data Protection Commission as a significant compromise of applicant data.
Description
The University of Limerick (UL) experienced a data breach in August 2022 that exposed the personal email addresses of hundreds of Central Applications Office (CAO) applicants. These individuals were prospective students considering enrollment at the university. The incident, characterized as significant, involved unauthorized access to or disclosure of sensitive applicant information. UL became aware of the breach and initiated internal reviews to assess its scope and origin. The compromised data specifically included personal email addresses, though the exact method of exposure or whether additional information was affected remains unspecified in available reports. The breach impacted a defined group—applicants engaged with the CAO process—but did not extend to broader university systems or current student populations.

Following its discovery, UL formally reported the incident to Ireland’s Data Protection Commission (DPC), fulfilling its regulatory obligation under data protection laws. The university did not publicly disclose remediation steps taken internally, but the referral to the DPC indicated adherence to breach notification protocols. Affected applicants faced potential risks due to the exposure of their contact information, including heightened susceptibility to phishing attempts or unsolicited communications. No evidence suggested financial data or academic records were compromised. Public reporting of the breach occurred on October 5, 2022, when the Business Post published details of the incident, though UL did not issue an independent public statement at that time. The breach underscored vulnerabilities in handling applicant data during admissions processes.
