Knowledge Base

MTU secured an injunction from the High Court to help prevent the sale, publication, possession, or other use of any data that may have been illegally taken from our systems. MTU will seek to enforce that injunction as far as possible. 

MTU engaged with the most commonly used internet search engine providers such as Google, and social media companies including Meta/Facebook, to notify them of the injunction and seek their cooperation in the enforcement of it in the event that any further dissemination of stolen data appears on these platforms.

Specialist service providers engaged by MTU are currently monitoring both the ‘dark’ and open internet for any possible further dissemination of the data.

Any alerts arising from this monitoring indicating that stolen data is being further shared triggers steps for MTU to seek to enforce the injunction.  

We have been in close and ongoing contact with the National Cyber Security Centre, the Data Protection Commission, An Garda Síochána and other relevant stakeholders including relevant government departments.

We engaged specialised services and have been working closely with national authorities and our security partners in a dual process to investigate the cause and extent of the attack, as well as the safest and most efficient recovery process.

The exact nature and extent of this incident, including what data may have been breached, remains under investigation. We can advise that data was accessed and copied from MTU systems and made available on the ‘dark web’, including personal data of staff, students and third parties. 

MTU has engaged specialised data analysis services to review the categories of personal data made available on the ‘dark web’. This is a complex and lengthy process involving the use of e-discovery software to log the categories of personal data that have been compromised, the categories of individuals affected and to identify, insofar as is possible, any affected individuals. The estimated date of completion for this review is currently early June.

Once completed, MTU will then commence issuing notifications and guidance in line with our data protection obligations to affected individuals, with priority being given to cases that may be considered high risk or vulnerable. 

MTU is creating a dedicated project office to manage and coordinate our response to the data protection requirements arising from the incident. 

MTU has engaged specialised security experts who have advised that the MTU systems are secure and that all appropriate security measures are in place designed to protect the system from further attack.

MTU is implementing a multi-stage “Path to Green” IT and related systems recovery process. 

This iterative plan involves a carefully sequenced restoration of our systems, with priority being given to core business-critical elements. The process has facilitated a return to in-person and online teaching and learning, and restored WIFI onsite.