Education officials cannot rule out the possibility that data held by the CAO, including details of candidates' names, CAO application numbers and birthdates, may have been obtained by those behind last week's cyber attack, the Sunday Tribune understands.
While the CAO maintained it has a "very high level of confidence" that "none of the malicious attacks" which caused its system to temporarily shut down got through to its detailed database, it issued some 22,000 applicants with new passwords following a second wave of attacks on the site last Wednesday.
The CAO's operations manager, Joseph O'Grady, confirmed that ordinarily, any individual seeking to reset their password via the website would have to enter their CAO application number, date of birth and their email address.
This suggests that whoever masterminded the cyber attack could have had access to this information, as otherwise they would not have been able to force the website to issue new passwords.
Asked whether he could rule out the possibility that users' data has been compromised, O'Grady would only say that the CAO is currently investigating the attacks .
However, he suggested that the methods used by the attackers to generate new passwords was "something different entirely" to the approach which an applicant sitting in front of a computer screen would use. He declined to elaborate, as the CAO's investigation is ongoing. It has also forwarded web logs and other information to the gardaí. "At this stage we believe no data has been compromised," said O'Grady.
The next key date for the CAO is the second round offers, to be published this Thursday. O'Grady expressed confidence that the website will not be affected, and pointed to the fact that it had dealt with previous attacks within a matter of hours.
"We hope we won't be affected by it, and feel we have the systems in place to keep the website up and running," he said. "This type of attack can hit any website any time."