Bank of Ireland Fined €463,000 Over Data Breaches

Bank of Ireland has been fined 463,000 Euros, (U.S. $504,000) by the Irish Data Protection Commission (DPC) for a number of data breaches from November 2018 to June 2019 affecting customers personal information. The DPC said it investigated the series of data breaches made by the bank, which impacted more than 50,000 customers.   

The notifications concern the corruption of information in the Bank of Ireland’s data feed to the Central Credit Register (CCR), a system that stores loan information.

The findings concern the corruption of information as it pertains to Central Credit Register (CCR) regulations, a system that stores loan information. The CCR processes the Bank of Ireland’s data feed. The latter company was fined for a delay in communicating the data breaches with the affected customers. The DPC confirmed that 19 of the reported incidents constitute data breaches under Ireland’s General Data Protection Regulation (GDPR). In addition to the fines, the DPC issued a reprimand and has ordered that the Bank of Ireland comply with data protection regulations in place in the country. 

Since the release of information, the Bank of Ireland has said it notified all affected customers and has rectified any inaccurate information as it pertains to the case.

In a statement the bank apologised and said it notified all impacted customers and “rectified the inaccurate information reported to the CCR in all but 20 cases, which will be corrected shortly.” It has also taken measures to improve its ongoing CCR reporting, including error management procedures and a process that enables faster correction of errors.

Bank of Ireland said it “acknowledges and sincerely apologises” for the breaches identified by the DPC and said that it had taken measures to address the failings identified.

“The bank has notified all impacted customers,” it said. “It has rectified the inaccurate information reported to the CCR in all but 20 cases which will be corrected shortly... The bank has engaged fully and proactively with the commission during its inquiry and will continue to do so as it implements these additional measures as quickly as possible.”

Irish Examiner:     Compliance Week:    Finextra:    RTE:   Infosecurity Magazine:    Oodaloop:     DataBeaches

You Might Also Read: 

EU Fines For GDPR Breaches Increase Fivefold:

 

« Cyber Security: GCHQ's Director Speaks Out
Finland Hit By Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

RiskIQ

RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence.

Trapezoid

Trapezoid

Trapezoid is a cybersecurity company developing Firmware Integrity Management solutions designed to detect unauthorized changes to firmware & BIOS across the entire data center infrastructure.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

Veriff

Veriff

Veriff provides highly-automated identity-verification services that prevent fraud like nothing else on the market.

Danish Maritime Cybersecurity Unit

Danish Maritime Cybersecurity Unit

The Danish Maritime Cybersecurity Unit is tasked with delivering the initiatives set out in the Cyber and Information Security Strategy for the Maritime Sector.

WiSecure Technologies

WiSecure Technologies

WiSecure Technologies aims to develop cryptographic products meeting requirements in the new economic era.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

Digital Beachhead

Digital Beachhead

Digital Beachhead has the expertise to provide a range of Cyber Risk Management and other Professional Services with specifically tailored solutions at competitive prices.

Progress Partners

Progress Partners

Progress Partners is a corporate advisory firm that works with buyers and sellers of emerging growth companies to complete M&A or private placement transactions. Our sectors include cybersecurity.

Maltego Technologies

Maltego Technologies

Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Applications include cybersecurity threat intelligence and incident response.

SektorCERT

SektorCERT

SektorCERT is the cybersecurity center for the critical infrastructure sectors in Denmark. We help detect and handle when critical infrastructure is exposed to cyber attacks.

StealthMole

StealthMole

StealthMole is a deep and dark web threat intelligence company that delivers a cloud-based, unified platform for digital investigation, risk assessment, and threat monitoring.