In the last week, there has been a spate of email interception attacks impacting several high profile companies and putting their data, and that of their customers, at risk.
The affected companies have been the target of fraudsters gaining access to employee email accounts (often by obtaining usernames and passwords using phishing techniques or by using other fraudulent means). The perpetrators then typically seek to intercept emails relating to the payment of invoices and divert customer payments to their own account.
This spike in cybercrime activity highlights the importance of having robust protections in place to guard against unauthorised access to company email accounts.
If your organisation suffers such an attack and you determine the persons whose data you hold are at risk, you need to move swiftly to notify the Data Protection Commission within 72 hours of becoming aware of the personal data breach. Depending on the circumstances of the case, there may also be a legal obligation to notify the Gardaí.