RDS members warned bank details may have been stolen as society falls victim to ransomware attack

The RDS in Ballsbridge

Paul Hyland

February 14 2022 10:40 PM

The RDS has been hit by a cyber-attack which has resulted in the theft of members’ personal data, organisation has confirmed.

The Royal Dublin Society, which has just over 3,000 members, said on the evening of Tuesday, February 8, it became aware that it was the victim of a cyber security incident, known as a “ransomware attack”.

RDS management has confirmed that the criminals responsible for the incident "extracted data from our servers”, which included personal data belonging to staff, members, and suppliers.

The cyber criminals then encrypted the data, making it “inaccessible to us”.

The RDS has notified those individuals whose data has been impacted by the attack and they have been advised to take all necessary precautions, the society said.

In a statement released to Independent.ie, the RDS said the incident was being “thoroughly investigated” by its IT partners.

“[IT specialists] have taken immediate and appropriate actions to restore our systems, reinforce existing security measures and to mitigate its potential impact, as well as determining its origins,” a spokesperson said.

“The RDS has also engaged the services of a specialist cyber security firm to assist in our recovery from this incident. The matter has been reported to An Garda Síochána and the Office of the Data Protection Commissioner has also been notified of this breach pursuant to the GDPR (General Data Protection Regulation).”

In an email issued to those affected by the ransomware attack, which has been seen by Independent.ie, the organisation said some bank account details have also been “compromised”.

“In a small number of cases, bank details may have been compromised in respect of those who have paid their membership fee by direct debit,” the RDS said.

“We are investigating this further and will contact those who may have had their bank details accessed when the situation becomes clearer. As a result, we are recommending all members contact their bank as a precautionary measure.”

The RDS has also warned affected members that the criminals may try and use their data for illegal purposes.

“Please note the criminals behind this attack, or other criminals to whom they may sell your personal data, may abuse your data to target you for scams or other fraudulent activity,” it told members.

"We recommend you are extra vigilant and adhere to the guidance provided by the Citizens’ Information Bureau to protect yourself.”

The RDS said it “deeply regrets that this incident has occurred”.

It has is calling on those who may have been impacted and who have any additional queries to make contact with them.

The RDS also confirmed that there has been no impact on the its commercial operations, and it will continue “to operate as per normal”.

Set up 290 years ago, the mission of the Ballsbridge-headquartered RDS is “to see Ireland thrive culturally and economically”, and hosts equestrian, sporting and music events, along with a members’ club.