Leas-Cheann Comhairle John McGuinness has described the National Treasury Management Agency’s €5 million scam loss as “shocking” and “a poor reflection on the state”.
Speaking to Gript today, the Fianna Fáil TD and former chair of the Public Accounts Committee said the incident showed a failure to adopt modern safeguards.
“It really doesn’t bode well for an organisation that doesn’t have the up-to-date technology to deal with such things,” he said.
“There’ll be serious questions arising from what happened. The NTMA should come before the Finance Committee to explain their position, how this happened and what actions they’re going to take to ensure it doesn’t happen in the future.”
The Carlow-Kilkenny TD expressed concern that a key financial agency of the State had not been more proactive in anticipating such attacks.
“They should be ahead of the game, and they’re not, which is shocking really,” he said.
“State agencies and the state itself, like all of us, are open to being scammed, and it’s incumbent on the state and its agencies to ensure that they have the best possible technology in place to ensure that this doesn’t happen.”
The comments follow a report by Extra.ie this morning revealing that the NTMA was scammed out of €5 million through a voice phishing attack and fake invoice.
The scam reportedly targeted the Ireland Strategic Investment Fund (ISIF), which is managed by the NTMA. It involved a fraudulent phone call in which the attacker impersonated a known business associate of the fund and tricked officials into issuing a payment to a false account.
According to Extra.ie, the attack showed signs of insider knowledge and bypassed several layers of security protocol.
Sinn Féin’s finance spokesman Pearse Doherty called for the NTMA to appear before the Oireachtas Finance Committee without delay.
“They hold billions of Irish money,” he said.
“We will need to hear very quickly from the NTMA how this has happened.”
Doherty said the agency had built up an “impeccable standing” over the years, particularly through its handling of the national debt, and that this scam was “shocking”.
“The processes here should be robust enough, given the level of money they handled, in the billions, to make sure these types of scams…they should not be vulnerable to any scam, no matter how sophisticated,” he said.
The breach is being described as the most significant cyber incident to affect a State body since the May 2021 ransomware attack on the Health Service Executive (HSE), which infected 80% of its systems, disrupted hospital operations, and cost almost €102m to address. The Comptroller and Auditor General subsequently said that the HSE would need to spend almost €657 million further on security upgrades.
That attack, carried out by the Russian-linked Conti group, was enabled by a phishing email attachment and resulted in stolen patient data and hundreds of lawsuits.
Following the attack, the HSE began a large-scale overhaul of its cybersecurity infrastructure.
However, experts have warned that other State bodies may still be susceptible to similar attacks.
Loading ...