Details of chartered accountants on website

Tue, Aug 19, 2008, 01:00

CONTACT DETAILS for more than 17,000 members of the Institute of Chartered Accountants in Ireland have been inadvertently published on the web in the latest data security breach to hit a high-profile organisation.

The information includes members' personal addresses, contact details including e-mail addresses and phone numbers, and personal data such as date of birth. The file also includes membership numbers and the temporary passwords allocated to members before their first log-in to the website.

During a redesign of the institute's website in July, a version of its membership database was mistakenly published on its site. The new site went live on July 10th. The institute was alerted to the error by a member on August 5th.

The information was not linked to anywhere else on the site but did appear in the public directories. As a result, a number of search engines came across the page and indexed it.

The institute's own investigation suggests that the data was "crawled" by four internet search engines.

An institute spokesman said it did not believe the information was on the web any more "but being 100 per cent accurate about that is difficult".

Search engines such as Google keep copies of older versions of web pages, known as a cache, which means information published on the web can be viewed even after it has been deleted.

"We are very disappointed about this," the spokesman added, but he said the incident was a result of "human error" and there had been no breach of the institute's internal computer systems.

The institute's chief executive Pat Costello has written to members in recent days informing them about the incident.

"Thus far, there has been no indication from the volume of activity on the website or from the nature of the queries we have received from individual members that there has been any unlawful use of the data," the letter reads.

No financial details, such as credit card numbers or regulatory information, were included in the database.

The Data Protection Commissioner and the Information Commissioner's Office in Britain have been informed about the incident.

The incident will be embarrassing for the Institute of Chartered Accountants in light of its role as regulator of chartered accountants in Ireland. That function is now handled by an independent body, the Chartered Accountants Regulatory Board, which was set up by the institute in 2007.