Fine Gael MEP Regina Doherty has said the cyberattack on the Office of the Ombudsman underlines the urgent need for Ireland to take cyber security far more seriously across the public sector.
“This is a statutorily independent office that deals with some of the most sensitive information held by the State, including complaints from vulnerable individuals and whistleblowers,” she said. “Any unauthorised access to those systems is deeply concerning,” she said.
Doherty acknowledged that the Office of the Ombudsman acted quickly to contain the incident and that expert support is in place.
“It is right that systems were taken offline as a precaution and that the Ombudsman is being supported by the National Cyber Security Centre, external specialists and An Garda Síochána. That response matters,” she said.
However, she said important questions still remain unanswered.
“We still need clarity on whether the cyber security measures in place were adequate for the level of sensitive data involved, and when the last independent security audit of these systems was carried out.”
The Fine Gael MEP also raised concerns about structural risks within the public sector.
“Is it appropriate that multiple statutory bodies share IT infrastructure when incidents like this show how quickly risk can spread? This is a serious question that needs to be examined.”
She said the handling of personal data must now be the central focus.
“As in many ransomware attacks, there are claims that data may have been taken. While forensic analysis is ongoing, people deserve transparency. What categories of personal data may have been accessed, and will affected individuals be notified in line with GDPR obligations if there is any risk to their information?”
The Dublin MEP said Ireland must view the incident in a wider European context.
“At a time when cyber threats to Europe are increasing, from organised criminal gangs to hostile state actors, Ireland cannot afford to be reactive. Cyber security is not a technical afterthought. It is fundamental to public trust and national resilience.”
“This incident should be an eye-opening moment. We must learn from it and ensure that public bodies are properly resourced, audited and protected in an increasingly hostile digital environment.”