Data Breach FAQ 1. What happened? Our service uses an online client management system developed and hosted by an external company. On the 5 th of April they notified us that they had had a data security incident and the contents of the database we use had been exported from the database by an unauthorised third party. They advised us that they had engaged their own cyber-security response team and notified the relevant authorities in the UK, including the PSNI. Our IT provider also notified the Gardaí as many of their customers are based in the Republic of Ireland. We immediately notified the Data Protection Commission and began our own data breach response. This included asking specific questions of our service provider to assess the scale of the incident and the nature of data which might be at risk. We also notified the National Cyber Security Centre. On the basis of the information available to us at this time, and in consultation with the Data Commissioner, we determined it was appropriate to notify clients who use our services what had happened and that their personal information may have been accessed. 2. What has happened now? On May 5 th we were contacted by our service provider. Their external cyber security investigation had been completed. They confirmed to us that none of One in Four’s data had been accessed and that no information about people using our service had been stolen. We are very sorry for the worry and distress that may have been caused to our service users when we told them that their personal information had been accessed. However, given the information we had at the time, we were obliged to notify as many people as possible. Our priority is ensuring we support our clients and answer any questions you may have. To that end we have set up an Information Helpline for you to ask us specific questions. You can contact the Helpline from Monday to Friday 11am 4pm on 087 947 3177 3. What should I do now? You do not need to do anything. However, it is always prudent to be careful about phone calls, emails or text messages. If you receive a message that you are uncertain about, the best advice is to ring the organisation or person it claims to be from and check with them if they sent it.