Irish Office of the Ombudsman hit by ransomware attack

The Office of the Ombudsman in Ireland has taken its IT systems offline following a ransomware attack discovered on December 17, 2025. 

The attack has compromised what authorities believe may include sensitive data from the organization's systems. 

The ransomware attack has had far-reaching implications beyond the Office of the Ombudsman itself, as the organization serves as the IT infrastructure provider for several other governmental bodies:

• The Information Commissioner
• the Commissioner for Environmental Information
• the Protected Disclosures Commissioner,
• the Standards in Public Office Commission,
• the Commission for Public Service Appointments. 

All these entities have service disruptions. Telephone services, online complaint forms, and the ability to process existing complaints are affected.  

Multiple governmental agencies and cybersecurity specialists are responding.

No details are disclosed about the stolen data or number of affected individuals.

The office has obtained a High Court injunction prohibiting anyone in possession of stolen data from publishing it. We consider that to be a pointless exercise because criminals don't really care about court injunctions, but the Ombdusman is trying to show that they've done something.