PERSONAL INFORMATION OF customers of property website MyHome.ie was “inadvertently” leaked online, the company has confirmed.
A large number of customer files which were uploaded onto the MyHome.ie “customer relationship management (CRM) system” from 2014 were also, “unbeknownst” to the company, “automatically stored in a temporary folder on the MyHome.ie server”.
This folder was “inadvertently unsecured”, a spokesperson has confirmed. They added that the company has taken steps to rectify the issue by “removing and securing the relevant folder”.
The company has also notified the Data Protection Commissioner (DPC) and people who have used the CRM system since 2014.
The Journal has learned that the breach was discovered by tech company Vadix. During a recent review of publicly available cloud storage, Vadix discovered a large amount of files they believed belonged to MyHome.ie customers.
A spokesperson for Vadix said that over 700,000 documents dating from 2014 to 2017 were stored in the folder, including some passports, drivers’ licenses and compliance-related forms.
Vadix contacted MyHome.ie on 15 and 19 April about the Azure storage issue but did not receive a response, the spokesperson said.
When contacted by The Journal yesterday, MyHome.ie said it had rectified the issue earlier that day and contacted Vadix.
In a statement, a spokesperson for the company said: “There is no evidence to suggest that the data stored on this folder was accessed at any stage before this matter was brought to our attention. However, we do understand that an as yet unspecified number of these files included personal data.”
The spokesperson could not confirm the number of files in the folder, but confirmed that it was created in 2014.
The Journal has contacted the DPC for comment.
Note: Journal Media Ltd has shareholders in common with Daft.ie publisher Distilled Media Group.
To embed this post, copy the code below on your site
have your say