Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Fraudsters trade on fake lawyers’ names

Scammers are impersonating legitimate trade mark agents as part of a sophisticated fraud, using names of genuine attorneys from a public register. The Irish Independent reported that criminals emailed several Irish businesses recently, suggesting they are at risk of losing the rights to use a brand, logo or trademark at EU level unless they pay extra fees.

The Law Society of Ireland published an advisory to members in July, and the Independent said the scam has intensified since. Variations of the message included the signed name of a legitimate Irish solicitor whose name appears on the official Register of Trade Mark Agents. The Law Society said the emails “appear to originate from individuals who are both solicitors and Irish Registered Trade Mark Attorneys. However, the individuals named in the emails are not affiliated with the companies or law firms referenced and the emails were not sent by the individuals.”

Impersonation fraud is big business. In a recent post, Jane Frankland pointed to examples like the AI voice impersonating US senator Marco Rubio, contacting high-level officials through convincing, targeted calls. She also noted the use of celebrity likenesses for cryptocurrency and romance scams, with American losses adding up to $672 million in 2024.

Strengthening all-Ireland cybersecurity

A new €4 million cross-border research initiative aims to strengthen the cybersecurity of critical infrastructure across the island of Ireland. Called CyberUnite, this project is the first dedicated funding awarded by an Irish Government agency to support collaborative cybersecurity research on an all-island basis. 

The initiative’s joint leads are the University of Limerick and the Centre for Secure Information Technologies at Queen’s University Belfast. It also includes colleagues from University College Cork and Munster Technological University, and Gas Networks Ireland as the industry partner. The mission is to develop resilient and adaptive defences for shared social and economic systems; deliver rapid, all‑island development of novel cybersecurity solutions; protect critical sectors, including energy and utilities, from sophisticated cyber threats; and strengthen a unified, national research ecosystem in cybersecurity.

In other Irish cybersecurity education news, a recent Forbes article specifically referenced Ireland’s progress in addressing longstanding industry skills gaps. The Irish Universities Association move to develop a national framework for micro-credentials led to a 20 per cent reduction in the security workforce shortage in one year. “These short, targeted learning modules are backed by national funding and designed in collaboration with the industry,” Forbes noted. 

Data protection and privacy roundup: tight AI oversight and easing SME GDPR compliance

This past month saw a flurry of data privacy activity at EU level. The AI Act expanded its enforcement scope, making providers of general-purpose AI (GPAI) models subject to new transparency, risk assessment, and public-summary obligations. The newly operational European AI Office, along with its accompanying AI Board and Scientific Panel, will oversee enforcement across member states. The EU also released its finalised Code of Practice for GPAI models in line with the Act. This mandates safeguards against copyright infringement, independent risk audits, and model testing.

Meanwhile the European Data Protection Board (EDPB) and EDPS welcomed a proposal to ease GDPR’s recordkeeping obligations for smaller businesses. It would revise exemptions from current thresholds to cover organisations of under 750 employees, up from 250. The thresholds would apply unless the organisation’s data processing would be likely to lead to a high risk to individual’ rights and freedoms.

In Ireland, the Data Protection Commission has opened a formal inquiry into Children’s Health Ireland over concerns about the physical security of children’s health records within a specific CHI facility at Tallaght University Hospital. The regulator became aware of issues through protected disclosures and a breach notification, which it followed up with an unannounced site inspection.

Also in Ireland, a concerning statistic about workplace privacy emerged after a survey of 1,000 Irish workers found that more than one-third tried to find out personal information about a colleague, client or customer. The poll by IT.ie and SonicWall also found that three out of ten workers tried to access a colleague’s device without permission.

Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe.

Sign up here