Cyber Incident Victim: Irish National Teachers Organisation
Date:
Sep 2017
Location:
Ireland
Summary
A professional teachers' union experienced a cybersecurity breach affecting its online learning portal, potentially compromising personal data of approximately 30,000 users who participated in recent training courses. Exposed information included names, email addresses, geographic details, gender, and course-related records, with limited cases involving additional identifiers like mobile numbers or professional registration numbers. No financial data or passwords were accessed. The attackers reportedly exploited the server to distribute spam messages. The organization notified affected individuals and relevant authorities, temporarily took the portal offline, and planned mandatory password resets upon restoration while awaiting a full forensic report.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Irish National Teachers Organisation (INTO) disclosed a cybersecurity incident on or around September 12, 2017, involving unauthorized access to its INTO Learning online portal. Hackers compromised the professional development platform, potentially exposing personal data belonging to approximately 30,000 users. Affected individuals included teachers who had completed online learning courses in recent years, as well as those registered for retirement planning courses and principals' seminars. The breach resulted in unauthorized access to names, email addresses, geographical information (city and country), gender, and course-related activity details. A subset of records contained additional sensitive information such as mobile phone numbers, school roll numbers, professional roles, INTO membership identifiers, and Teaching Council registration numbers. No financial data, credit card information, or user passwords were accessed during the intrusion. Early forensic analysis indicated attackers repurposed the compromised server to distribute spam emails, though investigators found no conclusive evidence confirming exfiltration of stored data at the time of disclosure.
INTO initiated containment measures by taking the affected website offline and notifying Ireland's Data Protection Commissioner and national law enforcement (gardaĆ) about the breach. The organization directly informed all potentially impacted users via email, detailing the scope of exposed information while emphasizing the absence of financial data compromise. Management engaged the third-party vendor responsible for website operations to conduct a full forensic examination, with findings pending at the time of public reporting. As a precautionary measure, INTO announced plans to enforce password resets for all users upon restoring portal functionality. The incident exclusively affected the INTO Learning subsystem, leaving the union's primary websites and infrastructure operational. No geographical origin attribution for the attack was provided in initial disclosures, with investigators ruling out local involvement in the breach.