It follows a data breach following ‘suspicious activity’ in the internal IT systems of the national representative body for school students in Ireland.
“We are writing to notify you about an issue that may involve information you provided to ISSU. We value your privacy and, therefore, we want to provide you with details about the event, what data was involved, and what steps we’re taking to protect your information.
“On Friday 9th of May 2025, we became aware of unusual activities on our systems,” the union wrote to its members and former members in an email.
“We immediately stopped all suspicious activity and launched an investigation with the support of ISSU Admins. On Monday, May 12th 2025, we confirmed that the activity was unauthorised,” it said.
“We confirmed on the same date that user data may have been obtained. While we cannot confirm that data was removed from our systems or that your information was directly affected, we wanted to let you know about this incident out of an abundance of caution.”
The ISSU said that it determined that, as a result of the activity, data was accessed from April 30 to May 9, 2025.
The data may have included first names, last names and email addresses.
However, it added that complete payment and banking information are stored in a separate system and “have not been accessed based on our investigation”.
The ISSU said it has, to date, no evidence of any actual or attempted fraudulent misuse of information as a result of this information.
“We take this event, and the security of your information very seriously. We are reviewing our policies, practices and procedures to better protect against an event like this happening again in the future,” the ISSU said.
The representative body said it is working with third party experts to review its next steps and will be notifying gardaí of the activity.
“We have also made a disclosure to the Data Protection Commissioner as soon as the case was confirmed,” the email continues.
“We continue to monitor for suspicious activity. We are examining ways to enhance overall network cyber threat detection at ISSU and continue to make enhancements to our systems to detect and prevent unauthorised access to user information, including reviewing email access, administrative permissions and upskilling / training.”
As an immediate precaution, the ISSU is telling present and past members to change their ISSU account passwords and if their ISSU account is still active, to take other appropriate steps to protect those accounts or email addresses.
“If you would like additional information or would like to connect with our team, please send an email to DalyL1@issu.ie, please note for the best possible service, we cannot accept phone calls for this matter and communications must be delivered in writing to ISSU,” it said.
“We are always here to help and we sincerely apologise for any inconvenience this has caused.”
source