Fears hackers stole data on children from the FAI
Questions mount for FAI amid fears hackers stole children's data in breach
The FAI is facing mounting questions over the nature of a hacking incident at its headquarters and if data relating to children was compromised.
Gardaí yesterday confirmed they are investigating the breach at the association’s Abbottstown headquarters. TDs from the Oireachtas sports committee have now outlined their concerns at the breach of the association’s computer servers.
The Data Protection Commission (DPC) says it was notified about the incident earlier this week. It is understood the cyber attack happened last weekend.
Fine Gael TD Noel Rock said a number of people have approached him with fears that children’s data could have been caught up in the incident.
He said they raised concerns that, given the amount of children’s data that the FAI has with teams, tournaments and sports camps, it may have been accessed during the hack.
“Clarity from the FAI on this would be most welcome and full scrutiny from the Data Protection Commissioner is necessary,” he said.
The FAI did not respond to questions from the Irish Independent on whether children’s data was compromised in the breach. Sport committee chairperson Fergus O’Dowd said the FAI “must give those answers”.
The Fine Gael TD added: “Obviously sensitive information on children should be especially protected so I would be concerned about it.”
He said the FAI needed to investigate what data has been breached and to make sure that it can be "obtained, retrieved and destroyed".
Social Democrats TD Catherine Murphy said people need to know exactly what the nature of the breach was and there's an obligation on the FAI to be open about what information was compromised.
She said that when hacking incidents take place they must be disclosed to the people who may be at risk of their information being used so they know they need to protect themselves.
Members of the Garda National Cyber Crime Bureau are currently probing the incident, while the Data Protection Commission (DPC) is also investigating.
The FAI confirmed that email services at the troubled football body were affected by the attack.
It is understood the breach happened early on Saturday. Staff have lost historical emails as a result of the hacking and the FAI could not confirm for certain that all emails will be restored.
Some staff have only been able to access emails from the last two to three days.
It is understood the FAI's IT department has since called in outside experts to determine what happened.
The exact details of the nature of the breach remain unclear. Forensic scientists were called onto the site at Abbotstown, Dublin, last Saturday after the FAI became aware of a breach. However, a spokesperson for the DPC told the Irish Independent it was only notified earlier this week.
"We are examining it at present," they added.
When asked if it had been made aware of the breach, a spokesperson for the Office of the Director of Corporate Enforcement (ODCE) said it was unable to comment on individual cases.
Meanwhile, Ireland manager Mick McCarthy brushed aside questions on the data breach.
Speaking at the pre-match press conference in Copenhagen ahead of Ireland's Euro2020 qualifier against Denmark, he said: "There's a few hacks in here.
"I do not have an FAI email address so it is not affecting me. But Cathal has been busy," he said, referencing FAI press director Cathal Dervan.
Some fans had voiced concerns on social media about whether payment details used when purchasing tickets had been compromised as part of the breach.
However, the sports body moved to assure ticket holders they were not affected.
The association said payment details are unaffected as this data is stored off-site via a third-party platform.
The association said email services were partially restored, adding that computer scientists remain on-site and are working to restore a full service for staff.
Staff who had emails on their laptops were still able to access them, it is understood.
The FAI isn't the first football organisation to be targeted by hackers.
Last year, FIFA, the world's largest football governing body, was on the receiving end of a major breach resulting in the release of internal documents.
The hack on FAI headquarters is the latest headache for football chiefs at Abbotstown.
The FAI has been at the centre of controversy for months after questions raised about its finances and governance led to former chief executive John Delaney voluntarily stepping aside from his role while investigations were carried out.