Cyber Incident Victim: Teaching Council

The Teaching Council experienced a data breach in March 2020 when unauthorized actors gained access to personal information of 9,735 registered teachers through a phishing attack targeting staff email accounts. The incident began when a small number of Teaching Council employees received phishing emails that activated a malicious script upon interaction. This script established auto-forwarding rules on the compromised accounts, causing incoming emails to be automatically redirected to an external Gmail address for a limited duration. During this period, an email containing an attachment with teacher registration data was forwarded without authorization. The compromised spreadsheet included names, addresses, Personal Public Service (PPS) numbers, Teaching Council registration numbers, registration month, renewal dates, and vetting-related information such as clearance statuses and reference numbers. No financial records, criminal conviction data, or teacher email addresses were exposed in the breach.

The Teaching Council detected the incident through internal monitoring and initiated response procedures by March 26, 2020, when affected teachers received notification emails. Director Tomás Ó Ruairc confirmed the breach was isolated to specific email accounts, with no compromise of the organization's primary databases or broader IT systems. The council immediately notified Ireland's Data Protection Commissioner (DPC), conducted an internal investigation, and provided ongoing updates to regulators. Organizational changes were implemented to prevent future circulation of sensitive attachments via email, a practice identified as contributing to the incident. While the council assessed the risk as low due to the absence of highly sensitive data fields, it advised impacted teachers to remain vigilant. No evidence suggested misuse of the data or additional threats to affected individuals beyond the initial exposure.