Skip to content
This site uses cookies. By continuing to browse, you agree to the use of cookies. You can change your settings or learn more here.
#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Image: Shutterstock/swissdrone

Debt collector data breach results in some mortgage-holders' details being compromised

The breach resulted in names, contact information, and financial details being compromised.
Apr 11th 2019, 9:00 PM 25,733 9

Updated 1pm 12 April 

A DEBT COLLECTION agency that works on behalf of some banks and credit firms operating in Ireland has experienced a data breach which has resulted in some customers’ personal details being compromised. 

Cabot Financial Ireland Limited, the credit servicing business, was appointed by Promontoria Scarriff Designated Activity Company as the regulated entity responsible for dealing with its mortgage administration. 

Last year, Ulster Bank sold a loan book portfolio, known as Project Scariff, worth €1.6 billion.

It consisted of €900 million of owner-occupier loans across 3,600 accounts and €700 million of buy-to-let (BTL) mortgages across 2,900 accounts.

In a letter dated March 2019, and seen by, a solicitor’s firm on behalf of Cabot told one customer that due to a suspected email phishing scam attack, some “personal information” had been disclosed.

This included names, contact information, and financial details, including the amount of the outstanding balance this person owed on their mortgage. 

The letter states: 

Following the identification of this issue, the matter has been referred to the gardaí. We have also reported this matter to the Data Protection Commission.

A statement to from Cabot said:

“This matter has been notified to the Gardai and the Data Protection Commissioner.”

The Office of the Data Protection Commissioner later issued a statement saying that it had been notified of the issue by Belgard Solicitors, acting on behalf of the firm. 

A statement from the Central Bank said: 

The Central Bank of Ireland is aware of the issue and that Cabot has informed the office of Data Protection Commissioner. Any customer who considers that they have been affected by this issue should contact Cabot Financial Ireland Limited directly.

Update: In an earlier version of this article, it was reported that Cabot failed to notify the Office of the Data Protection Commissioner about the data breach, and only did so yesterday after media inquiries from this website. 

After being contacted by yesterday, the Office of the Data Protection Commissioner said that no such report of a data breach was made by Cabot.

The watchdog has now confirmed that a breach notification was sent to the office and it was an error on their part that the report was not found yesterday. 

A statement from the Office of the Data Protection Commissioner said: 

“The Data Protection Commission erred in its response to the yesterday. Belgard Solicitors did submit a breach notification to the Data Protection Commission on 20 February 2019 in relation to this issue.”


Send a tip to the author

Christina Finn


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a comment

    cancel reply
    Back to top