skip to main content

Almost 7,000 Government data breaches over last ten years

More than half of the data breaches occurred at the Department of Social Protection
More than half of the data breaches occurred at the Department of Social Protection

There have been 6,885 data breaches across Government departments over the last ten years.

More than half of the breaches, 3,637 of them, occurred at the Department of Social Protection.

The Department of Justice accounted for 862 of the breaches, with 757 breaches reported at the Department of Foreign Affairs.

The majority of the data breaches were deemed to be low-risk and as a result were not reported to the Data Protection Commission (DPC) in line with DPC guidance.

Many of the incidents were as a result of human error which saw emails and letters being sent to incorrect recipients.

A smaller number related to lost or stolen devices, and cyberattacks.

The figures were released in response to a series of Parliamentary Questions from Aontú Leader Peadar Tóibín.

"The fact that the majority of these breaches relate to the Departments of Social Protection, Justice and Foreign Affairs is concerning - these are the departments which process the most sensitive information," Mr Tóibín said.

"It is a basic expectation of any civilian that if they hand over deeply personal details to a government department - perhaps on the nature of their family situation, their income, or their health status, that these details would be treated with utmost confidentiality," he added.

In its response, the Department of Foreign Affairs said that in addition to reported data breaches, it also notifies the Data Protection Commission of cases of postal carrier breaches involving the loss or mis-delivery of documentation in the postal system.

"This is very worrying information, and Aontú are seeking clarity from the Minister if there is any evidence of criminals intercepting passports between the point of issue and arrival," Mr Tóibín said.

The Department of Foreign Affairs said it regularly engages with the postal provider to highlight the issue and monitors global postal issues which may impact the dispatch and safe receipt of documents issued or returned by the Department.

In its response to the Parliamentary Question, the Department of Social Protection said that the vast majority of its confirmed data breaches relate to incidents where information was accidentally and inadvertently disclosed to third parties, e.g. misaddressed email or postal correspondence.

The Department said it takes data protection obligations very seriously and has in place a set of data protection policies, standards, procedures and guidelines governing the use of its computer systems and customer data.

"In order to protect the personal data of its customers and to minimise data protection incidents, a dedicated Programme Board is in place to oversee data protection matters," the Department of Social Protection said.

In its response, the Department of Justice said it has implemented measures to ensure the security of all personal data and limit risks of unauthorised access.

"Measures for the protection of personal data are kept under review and upgraded where appropriate. Furthermore, all staff are required to undergo data protection training in order to ensure compliance with statutory obligations," the Department of Justice said.