Up to 200 serving and former staff at one of the largest Irish providers of services for people with disabilities may have been affected by a cyber attack on the recruitment company through which they were employed.Stewarts Care was informed at the end of March by recruiter Healthdaq that it had experienced a data breach. It last month learned that the extent of the breach was deemed “serious”. In a memo to the personnel concerned, Stewarts Care said their personal data may have been exposed as a result. It is understood there were fears that the material stolen could be used for identity theft.Healthdaq, which works across the island of Ireland, last month said it was “the victim of a cyber security incident”. It said the incident had been reported to the relevant regulatory and law-enforcement authorities, including the Garda National Cyber Crime Bureau.A spokesman for the Data Protection Commission said it had received a data breach notification from Healthdaq and was engaging on it. Stewarts Care did not comment on the number of serving and former staff who may have been affected by the data breach. However, it is understood that it could be about 200. The organisation employs about 1,350 personnel and provides services to some 1,500 people with an intellectual disability.In its memo to staff who may have been affected, Stewarts Care said it used Healthdaq for recruitment services between May 2024 and last March. “Healthdaq advised us of the details of a security breach on its systems as a result of which the personal data of people that used that platform may have been exposed,” the memo stated. “Healthdaq has confirmed that the source of the incident has been identified and contained, that the necessary security measures have been implemented and that all necessary notifications have been issued, including an email to all of those whose data may have been exposed.“From our side, we have conducted a full review of all our contact points with the Healthdaq platform and reported these events to all of the appropriate authorities. We are satisfied that all Stewarts Care systems remain secure, and that this incident is confined to the provider’s environment.”The issue was reported to the appropriate authorities, it added.Healthdaq last month said it worked with health and social care trusts and the Department of Health in Northern Ireland. It listed a Dublin-based disability service provider as a client.The HSE indicated that its systems were not affected by the data breach at Healthdaq. It said it had been made aware of a cyber incident affecting Healthdaq.“There are no known technical integrations, data flows, or network connections between Healthdaq and the HSE,” it said.