An Irish company that runs a healthcare recruitment platform which is used by health trusts in Northern Ireland has been targeted by cyber-criminals.

Hackers claim to have stolen hundreds of thousands of sensitive files containing personal data from the Healthdaq platform.

All of the trusts said they were aware of a “potential” cyber incident affecting a third-party Health and Social Care supplier and have advised staff to be “extra vigilant”.

An email from Healthdaq’s data protection officer, seen by BBC News NI, said the issue has been contained and steps have been taken to secure the platform. Healthdaq has been approached for comment.

Healthdaq is used by healthcare services to manage recruitment, meaning it holds detailed personal, identity and background-check data on staff.

In the email, Healthdaq said it became aware of unauthorised access to certain data held within its platform on 30 March.

“The incident has been identified as a confidentiality breach involving unauthorised access and extraction of data,” the email read.

Healthdaq said the data may include names, contact details, CVs and qualifications, as well as copies of passports and other government-issued ID, and in some cases health information.

“Given the nature of the data involved, there is a risk of impacts including identity theft, fraud, or misuse of personal information,” it said in the email.

An Information Commissioner’s Office (ICO) spokesperson said: “We have received a report from Healthdaq Limited and are assessing the information provided.”

On its website, Healthdaq said it works with a range of government and public health bodies internationally, including ones in Canada, Australia and in the Middle East, as well as NHS organisations in England.

The company’s headquarters are in Dublin, but it also has offices registered in Belfast, Melbourne and Toronto.

Hacking group XP95 are claiming to be behind the attack and are demanding a ransom.

The group says it has stolen nearly half a million files including driving licenses, criminal background checks and vaccine records.

Kevin Curran, a Professor of Cyber Security at Ulster University, said that hackers can lie or exaggerate how much data they steal for profit, but established groups rely on reputation which creates an incentive for them to be truthful.

“It’s not that they won’t fake data, they would do anything for money,” he said.

“But there is a kind of a sense of reputability, people wouldn’t waste their time if they didn’t believe the groups leaks were real.

“So, there is, to some degree, honour among thieves.”

He advised affected individuals to stay vigilant, use strong passwords and two-factor authentication, and be cautions of suspicious emails or activity.