Cyber Incident Victim: Evide
Date: Mar 2023
Location: United Kingdom
Summary
A major cyber-attack targeted Evide, a data management company handling information for numerous charities and non-profit organizations. The incident involved unauthorized third-party access to systems containing highly sensitive and personal information, with hackers demanding a ransom. The stolen data, which was not published online, pertained to clients including groups supporting victims of sexual crime, potentially exposing them to fraud. An investigation was launched by police and cybersecurity specialists following the discovery.
Description
On or around March 30, 2023, a significant cyber-attack on Evide, a data management company based on Bay Road in Derry, was reported to the Police Service of Northern Ireland (PSNI). The company manages data for approximately 140 organisations across Ireland and Britain, with a client base consisting largely of charities and non-profit groups. The matter was immediately referred to specialist detectives within the PSNI’s cyber-crime investigation team for further examination. Evide had discovered the attack at the end of March, before the police report was filed: its security monitoring identified unusual traffic activity on its internal network, which indicated a potential unauthorized presence.

Upon discovering the anomalous network traffic and confirming that a third party had gained access to its systems, Evide initiated its response protocol. The company immediately contacted the relevant law enforcement authorities, specifically the PSNI, to report the cyber-crime. Concurrently, Evide engaged the services of experienced cyber-security specialists. These external experts were brought in to assist with multiple response phases: containing the ongoing security issue, supporting recovery efforts for affected systems, and conducting a thorough forensic investigation to determine the full scope and impact of the breach. The company issued a public statement confirming these actions, outlining the steps taken to address the intrusion.
The attackers behind the breach were identified as hackers who employed a ransomware tactic. It was understood that these individuals demanded a monetary ransom from Evide in exchange for the stolen data. The data exfiltrated from Evide's systems was described as containing "highly sensitive and personal information" pertaining to the clients and individuals represented by its numerous organisational customers. Despite the ransom demand being issued, no payment was made by Evide or any of the affected parties. Furthermore, following the attack, the stolen material was not observed to have been published or made available on any public online forums or on the darknet, limiting its immediate dissemination.
The impact of the attack was significant due to the nature of Evide's clientele. The breach affected a number of Northern Ireland charities, among other organisations. One confirmed affected client was Belfast-based charity Orchardville. This organisation communicated directly with its users regarding the incident, informing them that an investigation was ongoing and that it was not yet known how much data, if any, had been successfully exfiltrated by the attackers. A number of other Northern Ireland-based clients of Evide were also confirmed to have been targeted in the attack, though several organisations contacted for comment declined to discuss the matter publicly.
Beyond Northern Ireland, the attack had serious consequences for charities in the Republic of Ireland. Dublin-based charity One in Four, which provides support services to adult victims of child sex abuse, was among the Evide clients whose data was compromised. The executive leadership of One in Four, specifically Chief Executive Maeve Lewis, publicly addressed the incident. The charity took proactive steps to contact approximately 500 people who currently use or have used its services to inform them of the potential breach of their personal data. Lewis stated that the type of stolen data could be leveraged by criminals to attempt to commit fraud against the affected individuals, highlighting the real-world risk of the breach.
The scope of the incident extended to other highly sensitive sectors. It was reported that three other organisations which deal directly with victims of rape and sexual abuse were also targeted as part of the attack on Evide. These groups, alongside those working with victims of sexual crime mentioned in initial reports, handle some of the most confidential and personal information imaginable, making the breach particularly severe. The compromise of such data creates profound privacy and safety concerns for the vulnerable individuals involved, extending the impact far beyond mere financial or operational disruption.
The primary consequence of the incident was the potential exposure of highly sensitive personal data belonging to service users of multiple charities. The specific types of data involved were not detailed in public reports, but the context of the affected organisations suggests it could include names, contact details, and case-related information of individuals seeking support for traumatic experiences. The secondary impact was operational and reputational, affecting both Evide and its clients. The charities were forced to divert resources to incident response, including customer communication and potential strengthening of their own security postures in the wake of the attack.
The police investigation into the matter remained ongoing at the time of reporting. The PSNI confirmed that investigations were continuing and stated that it would be inappropriate to comment further on the specifics of the active case. The engagement of cyber-security specialists by Evide formed a crucial part of the overall response, aiming to determine the root cause of the breach, identify the tactics used by the attackers, and ensure that systems were securely recovered to prevent a reoccurrence. The lack of public data publication following the non-payment of the ransom was a noted aspect of the incident's aftermath, though the ultimate fate of the stolen data remained unknown.
