137 Revenue Staff Data Exposed in Pitney Bowes Ransomware Attack

Revenue staff were warned not to reuse their work passwords after 137 employees were affected by a data breach involving supplier Pitney Bowes. The breach, a ransomware attack on Pitney Bowes, exposed names, email addresses, job titles, phone numbers, and office addresses of Revenue workers.

An internal Revenue email indicated that negotiations to contain the breach were unsuccessful, and some records had already been published online. Pitney Bowes supplies franking machines to the Revenue Commissioners. While home addresses were deemed unlikely to be compromised unless staff had a machine at home, affected employees were advised to expect an increase in scam emails and calls.

Revenue security confirmed no passwords were stolen but reiterated the importance of not reusing passwords, especially for external sites. The 137 affected staff would be contacted directly to discuss increased risks of scam efforts and social engineering attacks. Revenue emphasized cybersecurity risks, urging staff to limit shared data and be vigilant against attackers.

A Revenue spokesman confirmed Pitney Bowes provides postal and logistics services. Revenue was briefed by the National Cyber Security Centre (NCSC) and informed all staff on the list about precautions against phishing. No taxpayer data was involved, and Revenue systems were not breached, thus no DPC notification was required.