Data on Missing Boy Lost Following Cyber Attack

Data concerning Kyran Durnin, a missing boy, that was held by Ireland’s child and family agency, Tusla, was compromised in a cyber attack. The Irish Independent initially reported this data loss, citing sources who described the incident as a “matter of concern” for gardaí (Irish police) involved in the boy’s investigation. Tusla stated that the system impacted by the cyber assault “was not the system of record for case notes” and held no relevance to an internal review being conducted by the agency regarding its interactions with Kyran’s family. A Garda spokesperson stated that the police force “does not comment on remarks by third parties,” and clarified that “any enquiry on Tusla records is a matter for Tusla.” Kyran’s disappearance was reported at the close of August; however, a fortnight ago, gardaí announced that he was now presumed deceased and initiated a murder inquiry. The Irish broadcaster RTÉ had earlier reported that investigators suspected the child might have been murdered over two years prior, at the age of six. The minister responsible for children’s affairs expressed the necessity to “understand what went wrong” regarding Kyran’s situation. Roderic O’Gorman, a member of the Green Party, conveyed to RTÉ’s This Week programme: “We can absolutely understand all the engagements that this child and his family had with Tusla and indeed with other elements of the state and what went wrong in this situation,”. He continued: “That’s why we’ve asked for this review to understand exactly what did or indeed what didn’t happen in this case.” O’Gorman indicated that the agency’s report is anticipated to be finalized within the forthcoming week. In May 2021, a cyber attack targeting computer systems of the Irish health service resulted in extensive disruption. This assault involved a criminal organization employing a type of malware to infiltrate the HSE’s system, subsequently encrypting data and requesting a ransom for its decryption. Tusla reported that certain data had been stored on a system which “not restored following the cyber attack, as it was based on old technology.” A spokesperson clarified: “However, this was not the system of record for case notes and isn’t relevant to the internal review underway.”