Telecoms company Magnet+ is investigating a possible breach of its systems that may have exposed the private information of staff and customers.
The incident, which took place on April 8th, was picked up by the company’s internal IT security systems. Magnet+ said it disconnected all potentially affected servers from the company’s network, stopping the onslaught. Still, the attacked servers contained personal information of staff and customers.
“There was no impact to the Magnet+ telecommunications network and services remain unaffected. Only back-office systems were impacted and all of these are fully back up and running,” the company has said.
The company did not say how many people could have been affected by the attack. Magnet+ said it has informed impacted employees – including former staff – and customers whose information was at risk.
Your work questions answered: My hours have been cut but someone new has been hired. Can my employer do this?
Cliff Taylor: How the return of SSIA-style incentives might be on the cards for Irish households
From intern to CEO: does it pay to be a company lifer?
My remuneration ‘was substantial’: The interview transcript Derek Quinlan didn’t want made public
Among the data that could have been accessed were the names and addresses of employees, along with their bank information and other data shared with the company related to their employment.
The names, postal addresses, email addresses, telephone numbers and service details of business and residential customers may also have been exposed.
“All those impacted were notified as soon as possible, in compliance with Data Protection Commission requirements,” Magnet+ said. “The Data Protection Commission and the gardaí were also informed.”
However, the company saidthat there was no evidence yet that any data had been accessed by an unauthorised third party, and it was informing those potentially affected by the breach as a precautionary measure, as it is required to by law.
“All of those impacted were advised to be vigilant relating to unsolicited emails, spam, phishing attempts, links, requests or contact from any sources they do not recognise including those purporting to be from Magnet+,” the company said. “It was also advised that if the email address and password provided to Magnet+ is also used for any other platforms, then these passwords should be changed.”
That includes any social media accounts and online banking apps, the company said in its notification to affected staff.
The communication, seen by The Irish Times, also warned staff to notify their bank or pension provider immediately if they noticed any suspicious transactions or received suspect communications.
Magnet+ is carrying out an investigation into the incident, calling in third-party forensic and cybersecurity specialists to ascertain if any data was compromised.
The Data Protection Commission confirmed it was working with Magnet+ on the incident.
“The DPC is aware and has been notified of a potential breach of personal data at Magnet+ as is required under the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (SI 336 of 2011) and the GDPR,” the DPC said. “The DPC is engaging with Magnet+ on the potential breach.”
Magnet+, which is Dublin-headquartered, provides telecommunications, data connectivity and security services to home, businesses and enterprise customers throughout Ireland, Europe and the US. Previously known as Magnet Networks, the company was acquired in December 2020 by Enet and AirSpeed Telecom owner Speed Fibre Group. It was then combined with AirSpeed Telecom in 2021 under the Magnet+ brand.
- Sign up for Business push alerts and have the best news, analysis and comment delivered directly to your phone
- Find The Irish Times on WhatsApp and stay up to date
- Our Inside Business podcast is published weekly – Find the latest episode here