Data breach investigated after Irish Water discloses bank details
Utility reports to Data Protection Commissioner after information sent to wrong individuals
Irish Water has reported a data breach to the Data Protection Commissioner after it inadvertently sent bank details relating to some individuals to the wrong people.
Irish Water is investigating a data breach after it sent bank details relating to a number of individuals to the wrong people.
Minister for the Environment Alan Kelly said the data breach was “absoloutely unacceptable and shouldn’t have happened.”
Speaking on RTÉ Primetime last night, Mr Kelly said that anyone who has given information to Irish water “has to be protected.”
The issue emerged after one man tweeted yesterday that the utility had sent his bank information to his landlord.
Paul Keogan, from Dublin, said his landlord had phoned him on Sunday to say he had received a direct debit confirmation from Irish Water in his own name with a bank account that he suspected was Mr Keogan’s.
This was later confirmed to be the case and the details related to the account Mr Keogan had used to set up his direct debit to the utility.
“It was addressed to him sent to his address, but it pertained to the property he rents to me,” Mr Keogan told The Irish Times.
Hello @IrishWater cant waste anymore time on hold Can you explain why my personal bank account details have been sent to my landlord please?— paulkeogan (@paulkeogan) October 20, 2014
He said he had tried three times to contact Irish Water by phone yesterday but could not get through.
He had tweeted out of exasperation.
Mr Keogan said he was “very annoyed” that his details had been passed on, but was also “livid” that Irish Water had not contacted him.
A spokeswoman for the Data Protection Commissioner confirmed Irish Water had reported the matter under the commissioner’s personal data breach code of practice and that it had been dealt with as a security breach.
“The report concerned the inadvertent disclosure of bank details in respect of a number of individuals.”
The commissioner’s requirements in relation to such matters were that the affected individuals be notified of the matter, advising them of steps they can take to protect themselves.
Secondly, the actual recipients of the letters should be contacted and asked to return the letters to Irish Water and thirdly, the body was required to put in place procedures to prevent a repeat of this type of incident.
“These requirements are being addressed by Irish Water,” the spokeswoman said.
Irish Water said it was aware of this issue and is currently carrying out an investigation.
Separately, the commissioner has formally investigated three complaints from individuals in relation to Irish Water. These complaints related to a previous data security breach Irish Water had notified to the office.
Last month, Irish Water apologised to over 6,300 customers after it sent them letters with data relating to other individuals.
The spokeswoman for the Data Protection Commissioner confirmed the office had received “a large number” of inquiries from members of the public in relation to Irish Water’s processing of personal data generally, particularly in relation to the use of PPS numbers.
She said it had engaged with Irish Water “to clarify certain matters in order to assist us to respond to these inquiries”.
“Our engagement with Irish Water is continuing and we have strongly encouraged Irish Water to provide as much information as possible to the public in relation to how their information will be processed.”