Recent Data Losses in Ireland

The following list details some of the data losses in recent years. Although the list doesn’t seem that large the amount of records involved is quite high. Putting together the number of records detailed below and allowing for a few thousand in the cases where specifics aren’t listed gives over 700,000 records that have gone missing. Assuming unique records and a population of 4.2 million means 1 in 5 people in Ireland have had their personal data lost or stolen.
The important aspect of listing these data losses is to note that mandatory reporting of data losses is not a legal requirement in Ireland so the real number of incidences is unknown though it is very likely a lot higher than those listed.

November 2008 - Revealed in January 2009, Airtricity have confirmed that they inadvertently made available on their website the personal and financial details of 1200 of their customers who’d signed up online for their electricty service. Apparently, the incident actually happened in November, but wasn’t noticed until January.

November 2007 - AIB has apologised after 15,000 payment advice slips with bank account details and home addresses were sent to the wrong customers. A spokesperson for the bank said that a computer error had caused the receipts, which acknowledge foreign currency lodgements, to be sent to the wrong addresses. The bank says it sincerely regrets what has happened and that it has informed the Data Protection Commissioner.

November 2008 – The personal details of close to a thousand Bank of Ireland customers have gone missing after an employee wrongfully copied them on to a computer memory device which was subsequently lost, the bank confirmed last night. Most of the 894 customers affected have already been contacted by the bank, she said. They are customers from across the country, including commercial, personal, pension, life insurance and mortgage-holders.
April 2008 – Bank of Ireland finally told Data Protection Commissioner Billy Hawkes that three laptops with details of 31,500 customers had gone missing up to 10 months earlier. Those data weren’t encrypted either. A month later the bank said it was investigating another allegation that a laptop had been stolen in 2001.
November 2007 -Bank of Ireland has admitted to inadvertently sending out either out-of-date or incorrect statements to 600 of its customers, following a computer error. Some of the statements contained incorrect details about payments that customers are said to have made last year. A bank spokesman said the error was due to the installation of new computer software that came into effect this week.

June 2009 - Four laptops were stolen from Bord Gáis offices on Foley St in Dublin’s north inner city in the early hours of June 5th. One of the computers, containing the banking details of around 75,000 people, was not encrypted. The laptop contains details such as account numbers, home addresses and branch details of people who had recently switched from the ESB as part of Bord Gais’s “big switch” campaign.
Addenum: Bord Gais informed gardai and theData Protection Commissioner six days after the robbery, but did not initially reveal that the laptop was unprotected by encryption. The account details belong to customers who had switched over to Bord Gais’s electricity service up to May 29, following the company’s high-profile Big Switch campaign. According to Bord Gais, more than 150,000 people have switched to the service since February. While Bord Gais said in a statement on June 19 that details of 75,000 customers were on the stolen laptop, it is understood that the final report of the Data Protection Commissioner will indicate that more than 100,000 account details were on the unencrypted machine.

August 2008 – The Office of the Data Protection Commissioner has confirmed that it is investigating the loss of a laptop from the Office of the Comptroller and Auditor General. RTÉ News understands that the laptop, which contained personal information including details about IDA companies in Ireland, went missing at a bus stop.
August 2008 – The personal information of 380,000 social welfare recipients has been lost in what the Data Protection Commissioner described as a ’serious incident’. 106,000 of the records included highly sensitive bank account data. The information was contained on a laptop stolen from the Office of the Comptroller and Auditor General in April 2007. The data related mostly to the records of pensioners receiving benefits in 2005.

June 2009 - A NON-ENCRYPTED laptop computer stolen from a Health Service Executive (HSE) office contains sensitive personal financial data on people who have approached community welfare officers seeking assistance. The laptop containing the data was one of 15 computers stolen from HSE offices in Roscommon town at the weekend. The office of the Data Protection Commissioner was not informed of the incident by the HSE. It learned of the theft via media reports yesterday morning. It was at that point that the commissioner’s staff contacted the HSE seeking information
January 2009 – The HEALTH Service Executive (HSE) has begun an investigation into how confidential medical notes from 16 patients treated at a Donegal hospital came to be dumped in an alleyway in Derry. The notes from Letterkenny General Hospital were found on Thursday off Gartan Square in the Bogside area of Derry by a local resident. They contained the names, dates of birth and medical conditions of 16 patients.
September 2008 - An unencrypted laptop containing the personal details of staff was stolen from HSE offices at the Carnegie Centre in Dublin's Lord Edward Street. The staff were  informed by letter 13 days after the theft occurred. Thousands of records of staff from the Dublin South district, including their full names, details of their wages, their staff numbers and work areas, were held on the stolen computer, which was not encrypted.
September 2008 -The Office of the Data Protection Commissioner said it is surprised that people still carry around laptops with sensitive information, which is not encrypted. The Office said it was informed by the Health Service Executive on Thursday about the theft of a laptop, a BlackBerry and a data disk from the home of a staff member the previous day. The laptop and disk contained personal information gathered for a survey on the provision of the influenza vaccine to 1,150 healthcare workers in Autumn 2007.
May 2008 – The Health Service Executive has said it does not know how many confidential medical files have been dumped in fields in Co Cork, or how they got there. The confidential files were discovered in a landfill site earlier this week near the village of Glounthaune near Cork city. The files contain detailed medical histories of people who were treated at Cork Regional Hospital, the hospital now known as Cork University Hospital, and at St Finbarr’s Hospital in the city.
Data includes the names, addresses, dates of birth and medical conditions of patients treated in the 1970s and early 1980s.

February 2008 - A computer containing over 171,000 confidential blood donor records and other files from the Irish Blood Transfusion Service has been stolen. The data, which the Blood Service says was securely encrypted, was given to the New York Blood centre in December on a computer disk. It was part of a software upgrading programme for the Irish Service.