Staff at Revenue were warned under no circumstances to use their work password anywhere else after 137 employees were caught up in a data breach involving a supplier.The names, email addresses, job titles, phone numbers and office addresses of the Revenue workers were reported to be at risk of exposure during a ransomware attack on the technology company Pitney Bowes.An internal Revenue email stated negotiations undertaken in an attempt to contain the breach “did not go well” and that some records had already been published online.It said Pitney Bowes was a supplier of franking machines for the Revenue Commissioners.In the email to all staff in late April, Revenue’s security team said home addresses were unlikely to have been compromised unless people had one of the machines at their home.The message read: “I would assume that they only have Revenue-related information and not anything related to your personal life.”It said affected employees could see an increase in the number of scam emails and phone calls in the future.Revenue security said no passwords were stolen but that it was a good reminder for everybody to be careful.“Everyone already knows not to use their Revenue password for external sites, even for trusted suppliers, so even if there were passwords it wouldn’t be something for us to worry about, would it?” the message read.[ Fears mount that Munster TU students’ personal data compromised in cyberattackOpens in new window ]The email stated that once the names of the 137 staff affected were confirmed, they would be contacted directly to discuss how they could be at increased risk of scam efforts and “social engineering attacks”.Revenue’s IT security said they were using the incident as an opportunity to highlight the risks involved in cybersecurity.The security team said: “Do not reuse passwords or at the very least do not use your Revenue password (or anything like it). Limit any data shared to the minimum required.“Always be alert for attackers pretending to be from a trusted source.”Staff were also warned to be vigilant of any unusual requests involving suppliers, using an example of a company submitting an invoice that was three times its normal average.Asked about the breach, a spokesman for Revenue said Pitney Bowes provided Revenue with various services related to postal and logistics operations.He said Revenue had been alerted to the breach and briefed by the National Cyber Security Centre (NCSC). The spokesman said the data exposed could contain the information that was provided when registering for an account.“It is not known at this stage if each account provided full or partial details at the registration stage,” he said. “All staff on the list have been informed and advised on appropriate precautions against potential phishing activities.”The spokesman said no taxpayer data of any description was involved in the breach and that Revenue continuously monitored for suspect activity. He said there was no requirement to inform the State’s data privacy watchdog, the Data Protection Commission, as this was “not a breach of Revenue systems”.