Bank of Ireland Fined €463,000 Over Data Breaches

Bank of Ireland has been fined 463,000 Euros, (U.S. $504,000) by the Irish Data Protection Commission (DPC) for a number of data breaches from November 2018 to June 2019 affecting customers personal information. The DPC said it investigated the series of data breaches made by the bank, which impacted more than 50,000 customers.   

The notifications concern the corruption of information in the Bank of Ireland’s data feed to the Central Credit Register (CCR), a system that stores loan information.

The findings concern the corruption of information as it pertains to Central Credit Register (CCR) regulations, a system that stores loan information. The CCR processes the Bank of Ireland’s data feed. The latter company was fined for a delay in communicating the data breaches with the affected customers. The DPC confirmed that 19 of the reported incidents constitute data breaches under Ireland’s General Data Protection Regulation (GDPR). In addition to the fines, the DPC issued a reprimand and has ordered that the Bank of Ireland comply with data protection regulations in place in the country. 

Since the release of information, the Bank of Ireland has said it notified all affected customers and has rectified any inaccurate information as it pertains to the case.

In a statement the bank apologised and said it notified all impacted customers and “rectified the inaccurate information reported to the CCR in all but 20 cases, which will be corrected shortly.” It has also taken measures to improve its ongoing CCR reporting, including error management procedures and a process that enables faster correction of errors.

Bank of Ireland said it “acknowledges and sincerely apologises” for the breaches identified by the DPC and said that it had taken measures to address the failings identified.

“The bank has notified all impacted customers,” it said. “It has rectified the inaccurate information reported to the CCR in all but 20 cases which will be corrected shortly... The bank has engaged fully and proactively with the commission during its inquiry and will continue to do so as it implements these additional measures as quickly as possible.”

Irish Examiner:     Compliance Week:    Finextra:    RTE:   Infosecurity Magazine:    Oodaloop:     DataBeaches

You Might Also Read: 

EU Fines For GDPR Breaches Increase Fivefold:

 

« Cyber Security: GCHQ's Director Speaks Out
Finland Hit By Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Wisegate

Wisegate

Wisegate is a community of IT experts providing advisory services on all areas of IT including security.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

QATestLab

QATestLab

QATestLab is a leading International software testing company offering a full range of software testing services including security testing.

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

Wheel Systems

Wheel Systems

Wheel Systems specialize in privileged access management, user authentication and authorization and SSL/TLS encrypted traffic inspection.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

SafeGuard Cyber

SafeGuard Cyber

The SafeGuard Cyber SaaS platform empowers enterprises to adopt the social and digital channels they need to reach customers, while reducing digital risk and staying secure and compliant.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

KryptoKloud

KryptoKloud

KryptoKloud offer a suite of Managed Services including Security Monitoring and Incident Response as well as a full portfolio of Compliance, Governance and Audit solutions.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

International Cyber Threat Task Force (ICTTF)

International Cyber Threat Task Force (ICTTF)

The International Cyber Threat Task Force is a not-for-profit initiative promoting the ecosystem of an International independent non-partisan cyber security community.

Tech Seven Partners

Tech Seven Partners

At TechSeven Partners, we provide a full suite of cyber security solutions for your business including network monitoring, onsite and cloud backup solutions, HIPAA or PCI compliance.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.