Updated 1pm 12 April
A DEBT COLLECTION agency that works on behalf of some banks and credit firms operating in Ireland has experienced a data breach which has resulted in some customers’ personal details being compromised.
Cabot Financial Ireland Limited, the credit servicing business, was appointed by Promontoria Scarriff Designated Activity Company as the regulated entity responsible for dealing with its mortgage administration.
Last year, Ulster Bank sold a loan book portfolio, known as Project Scariff, worth €1.6 billion.
It consisted of €900 million of owner-occupier loans across 3,600 accounts and €700 million of buy-to-let (BTL) mortgages across 2,900 accounts.
In a letter dated March 2019, and seen by TheJournal.ie, a solicitor’s firm on behalf of Cabot told one customer that due to a suspected email phishing scam attack, some “personal information” had been disclosed.
This included names, contact information, and financial details, including the amount of the outstanding balance this person owed on their mortgage.
The letter states:
Following the identification of this issue, the matter has been referred to the gardaí. We have also reported this matter to the Data Protection Commission.
A statement to TheJournal.ie from Cabot said:
“This matter has been notified to the Gardai and the Data Protection Commissioner.”
The Office of the Data Protection Commissioner later issued a statement saying that it had been notified of the issue by Belgard Solicitors, acting on behalf of the firm.
A statement from the Central Bank said:
The Central Bank of Ireland is aware of the issue and that Cabot has informed the office of Data Protection Commissioner. Any customer who considers that they have been affected by this issue should contact Cabot Financial Ireland Limited directly.
Update: In an earlier version of this article, it was reported that Cabot failed to notify the Office of the Data Protection Commissioner about the data breach, and only did so yesterday after media inquiries from this website.
After being contacted by TheJournal.ie yesterday, the Office of the Data Protection Commissioner said that no such report of a data breach was made by Cabot.
The watchdog has now confirmed that a breach notification was sent to the office and it was an error on their part that the report was not found yesterday.
A statement from the Office of the Data Protection Commissioner said:
“The Data Protection Commission erred in its response to the TheJournal.ie yesterday. Belgard Solicitors did submit a breach notification to the Data Protection Commission on 20 February 2019 in relation to this issue.”
To embed this post, copy the code below on your site
have your say