Data Security Incident

SUSI has identified that information submitted through supplementary query forms on this website was retained on the website’s webserver between April 2017 and November 2018.

SUSI’s primary grant application system and supporting documents submitted to SUSI were in no way impacted by this incident.

Due to insufficient website security safeguards against malware, the information submitted was potentially vulnerable to unauthorised access while it was retained on the webserver.

While an independent security investigation on behalf of SUSI has found no evidence that this occurred, it is not possible to guarantee that it did not occur.

As soon as the incident was identified, SUSI took the following actions:

  • the information was removed from the webserver,
  • the supplementary forms were removed from the website,
  • the incident was fully investigated by SUSI and external cybersecurity experts and the following further actions were taken:
    • a new webserver was installed with enhanced security measures,
    • information is no longer submitted or retained on the webserver and
    • SUSI fully reviewed its ICT security procedures.

SUSI also reported the incident promptly to the Data Protection Commission and is cooperating fully with its inquiry. The investigation is ongoing and, subject to that investigation, SUSI has written to everyone who submitted a supplementary form through the website between April 2017 and November 2018 to notify them of the incident.

SUSI is a business unit of City of Dublin Education and Training Board (CDETB), which is the Data Controller for SUSI. CDETB takes the protection of personal data seriously and our priority is ensuring the security, integrity and confidentiality of all personal data submitted throughout the application process.

We acknowledge that this update may cause concern. A dedicated support team has been established to respond to any questions and they can be reached by phone or email.

Phone: 0761 087 874

Email: support@susi.ie

FAQ

What happened?

SUSI has identified that information submitted through supplementary query forms on this website was retained on the website’s webserver between April 2017 and November 2018.

Due to insufficient website security safeguards against malware, the information submitted was potentially vulnerable to unauthorised access while it was retained on the webserver.

While an independent security investigation on behalf of SUSI has found no evidence that this occurred, it is not possible to guarantee that it did not occur.

SUSI has contacted everyone who submitted a supplementary form through the website during this period to notify them of the incident.

SUSI’s primary grant application system and supporting documents submitted to SUSI were in no way impacted by this incident.

What steps has SUSI taken?

As soon as the incident was identified, SUSI took the following actions:

  • the information was removed from the webserver,
  • the supplementary forms were removed from the website,
  • the incident was fully investigated by SUSI and external cybersecurity experts and the following further actions were taken:
    • a new webserver was installed with enhanced security measures,
    • information is no longer submitted or retained on the webserver and
    • SUSI fully reviewed its ICT security procedures.

How will I know if I have been affected by this incident?

SUSI has contacted everyone who submitted a supplementary form through the website between April 2017 and November 2018 directly by email.

I received the email from SUSI. What should I do now?

If you received the email from SUSI, you can contact our dedicated support team by phone or email with any questions or to find out more about the information contained in your form. The team can be contacted by phone on 0761 087 874 or by email at support@susi.ie.

What are the supplementary forms and what information was collected?

The supplementary forms were:

  • Request for an internal review,
  • Request to make a late application,
  • Request to cancel an application,
  • Formal complaint,
  • Report of suspected fraud.

The information collected in each form varies. Typical examples include SUSI application number, name, email address and details of the submitted query. It was also possible to submit supporting documents with certain forms.

As the information varies from person to person, anyone affected by this incident can contact our dedicated support team to find out specifically what information they submitted in their form. The team can be contacted by phone on 0761 087 874 or by email at support@susi.ie.

Is my SUSI account and application information safe?

Yes. SUSI’s primary grant application system and supporting documents submitted to SUSI were in no way impacted by this incident.

Were all website users affected?

No. Only those who submitted a supplementary form through the website between April 2017 and November 2018 were affected by this incident.