Data Cymru has been the victim of a cybersecurity incident that has affected our systems. We experienced a ransomware attack that has temporarily disrupted our operations. The nature of the attack was unauthorised access to our systems resulting in the encryption of certain data.

Upon discovering the attack, we immediately initiated our incident response plan, which included:

• Isolating the affected systems to prevent further spread.
• Engaging with our IT provider and cybersecurity experts to assist in the investigation and remediation.
• The incident has been reported to the relevant authorities, and we are working closely with our ICT provider, our Data Protection Officers and the Information Commissioner’s Office.

We are in the process of identifying the data that has been encrypted and are contacting those directly affected. As a result, some of our systems are currently offline, and other data systems or dashboards may not be updated as frequently as usual.

We are continuing to monitor the situation closely and will notify you immediately if we discover any risks to your data. We have already taken the necessary steps to ensure that no further incident is possible. Please bear with us during this time.

We understand the seriousness of this incident and are committed to transparency and taking all necessary steps to protect our stakeholders. If you have any questions or need further information, please do not hesitate to contact us by emailing dataprotection@data.cymru. Alternatively, you can call me on 029 20909502.

Richard Palmer

Chief Operating Officer