Tusla’s concerns that abusers could open letters telling victims their information had been exposed in cyberattack

Tusla was worried individuals suspected of child abuse or domestic violence could intercept mail intended for victims who were being told their personal data had been compromised in the HSE cyberattack.

In a confidential report on what they call ‘Operation Return’, the child and family agency also highlighted concerns that letters letting people know their personal data had been stolen could end up at the wrong address and get opened by strangers.

An internal report from Tusla said some people were likely to be “extremely distressed” when they found out their personal information had been compromised in the 2021 cyberattack.

They said some – especially people who had recently turned eighteen – might not even have been aware that the agency held information about them, let alone that it had been exposed.

The report said every notification would need to be first examined by a social worker to ensure there was no risk to individuals from sending them a letter.

The report said: “Tusla are very aware of the risk to persons who may have notified child protection and welfare concerns or requests for domestic abuse services if the person subject to these abuse allegations is still based in the household and was to open a letter disclosing an engagement with Tusla that perhaps the person had yet to be informed of at that point in time.”