Publication
Cybersecurity Incident: Your Questions
From Office of the Information Commissioner (OIC)
Published on
Last updated on
From Office of the Information Commissioner (OIC)
Published on
Last updated on
Q. What has happened?
On Thursday 11 December 2025 the Office of the Information Commissioner was the subject of a random cybersecurity attack on its IT systems.
It is understood that this was a random attack and a forensic investigation is ongoing. As a precaution, some systems were initially taken offline to contain the threat while the incident was investigated.
However, all public-facing services have now been restored.
Q. Has my data been accessed?
We have been working closely with forensics experts to fully investigate this incident. Arising from this work the Information Commissioner is confident at this time that no personal data was taken.
Q. What action has been taken to protect my data?
Once we became aware of the incident our priority was to protect the data of people who rely on the services of the Office of the Information Commissioner, and to restore services safely.
The NCSC (National Cyber Security Centre) activated its incident response plan and put in place enhanced monitoring to support the Office of the Information Commissioner.
The incident was also notified to the Data Protection Commissioner and An Garda Síochána.
To further protect the data of individuals, the Office of the Information Commissioner has taken legal steps, including securing an injunction from the High Court to restrict any publication of potentially stolen information. That said, the Information Commissioner is confident at this time that no personal data was taken.
For general guidance relating data protection, please see the Data Protection Commission website . For general advice relating to the cyber security, please see the National Cyber Security Centre website .
Q. What services are impacted?
This incident is delaying the ability of the Office to progress existing cases at this time.
Q. Do the attackers currently have access to the IT system?
No. When the incident was discovered our IT system was secured to ensure the attackers no longer had access.
Q. I currently have a case with the OIC. What do I need to do?
We appreciate your patience while we are doing everything possible to resolve the matter and restore our services. You do not need to contact us at this stage. Updates will be provided on the OIC website as verified information becomes available.
Our email system is secure. If you wish to contact us, please respond to the latest email correspondence from this Office if you have a case with us.
Q. I wish to submit a new application to the OIC. Is this service available?
If you wish to submit a new application, please use the webform that is available on our website at www.oic.ie.