AIB has confirmed a member of staff misplaced sensitive personal data relating to hundreds of its customers.
The material was lost in the west of Ireland and is understood to relate to about 550 people, mainly in the Galway area.
The bank would not comment on the nature of the material other than to say it was confidential and did not included addresses or contact information.
However, names and details relating to loan and deposit balances, account turnover and annual fees are understood to be included.
The Office of the Data Protection Commissioner has been notified in keeping with standard procedures. It did not immediately respond to requests for comment.
“Some confidential information relating to the banking facilities of a number of customers was mislaid on Thursday 31st August in Galway,” the bank said in a statement.
“AIB has contacted all impacted customers to explain the matter and to apologise unreservedly.
“AIB takes its data protection obligations very seriously and has reported this incident to the Office of the Data Protection Commissioner.”
It is understood that letters issued to customers explained a member of staff had been travelling between branches in Galway when the material was lost.
The bank has said that although it is a serious incident, customer accounts cannot be accessed by a third party as a consequence.
Simon McGarr, director of Data Compliance Europe, an organisation working in the area of European privacy law, said the lost material raised important questions.
“We literally don’t know where it went but it is very significant personal information to have mislaid and begs the question what allows this information to be printed out of a secure system [and taken away],” he said. “No amount of computer security in the world is going to save you.”
An AIB spokesman said the bank’s preference was to transfer classified information electronically. “However, when data is transferred manually, protection of customer data is paramount in our consideration,” he said.
Mr McGarr said European data protection laws to be introduced next May would be relevant to such incidents.
“It provides for people who have suffered data breaches to be compensated for that breach whether or not they suffer financial loss,” he said.
“It also allows people who have suffered data loss to pool their claims in a class action. The Government is currently proposing to limit these powers in their Data Protection Bill currently before the Oireachtas.
“Today’s breach demonstrates how important it is to have the strongest possible protections and remedies for individuals’ personal data.”