Aindrias Moynihan (Cork North West, Fianna Fail) | Oireachtas source

It is approximately ten days since the cyberattack on Munster Technological University, MTU. Thankfully, students have been able to return to lectures and laboratories this week but, unfortunately, data from the cyberattack have been published on the dark web. I ask the Minister to outline the extent of the attack, including whether people's personal details have been compromised.

Local people have been asking about the data. MTU has some 13,000 students and over 1,000 staff. People have outlined concerns about the possible publication of their data. In addition to current students, there are tens of thousands of past students and staff and also parents who have been paying fees. They are also asking if their personal information has been impacted and at what point they will know about that.

I understand the HSE is issuing notices to people impacted by the cyberattack on its systems a year and a half ago. Many would have assumed that if they had not received correspondence by now, they were in the clear regarding that attack, so some were surprised to get a letter. How soon can people affected by the MTU cyberattack expect to be notified? Will a date be provided beyond which they can assume they are clear in the clear or are safe?

In addition to personal information, there could be research information, material the college was researching and information relating to intellectual property, preparation for patents, etc. Is any such intellectual property involved? Has it been encrypted, published or compromised in any way? Will the Minister clarify that? Past students seeking to engage in further education or make job applications may wish to access their data for transcripts. Is such information encrypted or is it accessible? Will the Minister outline the extent of the damage in that regard?

A recent International Data Corporation, IDC, survey of companies of various sizes across the US and Europe indicated that despite 85% of them having a playbook, preparation or recovery plan to deal with a cyberattack, 46% had been successfully attacked in the past three years. This figure refers only to companies that know they were attacked and admit it. Two thirds were forced to pay a ransom. The MTU attack is, unfortunately, not an isolated indecent. It seems that many different areas and organisations are being hit by ransomware. The same survey found that 43% of respondents had been hit more than once. What measures are now in place at MTU and other colleges to ensure they are protected from future cyberattacks? What measures are being taken with other colleges? Has the Minister met them to ensure they are prepared?

As I outlined, a cyberattack does not happen in isolation and steps such as exploratory probing efforts will often be taken beforehand. Was the MTU cyberattack caught on the first alert? Did the university's security system alert it? What happened in the case of any earlier probes? Did they go unnoticed or were they disregarded?

See this speech in context