Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Andrius Zemaitis
Data Breaches

Vast majority of Government data breaches were in 'highly sensitive' Departments

There have been 262 data breaches by the Department of Social Protection so far this year.

THERE HAVE BEEN in excess of 2,000 data breaches from Government departments since 2019, figures show – the vast majority in departments with “highly sensitive” data.

In relation to the Department with the highest number of data breaches, the Department of Social Protection, the majority of breaches were said to have been minor – such as letters that were sent to the wrong address.

Written responses to Parliamentary Questions from Aontú leader Peadar Tóibín, seen by The Journal, revealed that of the 2,000 data breaches, over 400 of the breaches took place this year.

The departments with the highest number of breaches are Social Protection, Children & Youth Affairs, Justice and Foreign Affairs & Defence:

  • Social Protection: 371 data breaches in 2019, 508 in 2020, 262 so far in 2021
  • Justice: 131 in 2019, 121 in 2020, 51 in 2021
  • Foreign Affairs: 124 in 2019, 163 in 2020 and 22 in 2021.

The Department of Children had 362 data breaches last year.

Social Protection ‘processing 50,000 claims a day’

Minister for Social Protection Heather Humphreys, who is also temporarily the Justice Minister, said in the PQ reply that the Department of Social Protection takes data protection seriously, but that the breaches should be put in context. 

The Minister stated that the volume of social welfare requests needed last year in relation to the Pandemic Unemployment Payment in particular, had lead to a greater risk of data breaches.

“While every data breach is a matter of great concern to my Department, the number of confirmed breaches should be viewed in the context of the scale of the Department’s business, administering over 70 separate schemes and services, accounting for approximately €30bn per annum and processing almost 2m applications every year.

In particular, in 2020, the Department has provided services to an extraordinarily high volume of customers. At one point, the Department was processing over 50,000 claims per day. At its peak, in early May 2020, 602,000 were in receipt of PUP. Just under 20 million PUP payments have been made to nearly 900,000 people providing income support of some €7.5 billion to date.

“The vast majority of the confirmed data breaches relate to incidents where customer information was accidentally and inadvertently disclosed to third parties, e.g. letters incorrectly addressed.

“In each of these incidents, the Department followed procedures in accordance with data protection legislation. Every effort was made to secure data as quickly and efficiently as possible.”

Other departments

In the case of other Departments, they are significantly lower. During 2020, there were 54 breaches by the Department of Agriculture; 45 in Education; seven in Housing; 11 in Enterprise; nine in Tourism; and and five each in Transport and Finance.

The Department of An Taoiseach has had no data breach since 2016, when there was one. The Department of Health did not respond to the query by Tóibín.

Speaking in response to the statistics released to him, Aontú leader Peadar Tóibín said: “The Department of Children has confirmed to me that separately Tusla suffered a staggering 362 data breaches last year, almost one for every day of the year.

“If we look at the departmental breakdown of the breaches we see that the Departments of Social Protection, Foreign Affairs and Justice hold the records for the highest numbers of data breaches in recent years – I find this extremely concerning given that these departments hold such highly sensitive data.”

Tóibín said that most of the data breaches have been reported to the Data Protection Commission, but that “many more have gone unreported”.

“I’ve today written to all departments asking them to explain this and seeking clarity on the nature of the data lost,” Tóibín said.

Your Voice
Readers Comments
4
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel