#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 9°C Monday 27 September 2021
Advertisement

Personal data of MyHome.ie customers 'inadvertently' leaked online

The Data Protection Commissioner has been notified.

File photo of a woman using a laptop
File photo of a woman using a laptop
Image: Shutterstock/Thomas Andreas

PERSONAL INFORMATION OF customers of property website MyHome.ie was “inadvertently” leaked online, the company has confirmed.

A large number of customer files which were uploaded onto the MyHome.ie “customer relationship management (CRM) system” from 2014 were also, “unbeknownst” to the company, “automatically stored in a temporary folder on the MyHome.ie server”.

This folder was “inadvertently unsecured”, a spokesperson has confirmed. They added that the company has taken steps to rectify the issue by “removing and securing the relevant folder”.

The company has also notified the Data Protection Commissioner (DPC) and people who have used the CRM system since 2014.

The Journal has learned that the breach was discovered by tech company Vadix. During a recent review of publicly available cloud storage, Vadix discovered a large amount of files they believed belonged to MyHome.ie customers.

A spokesperson for Vadix said that over 700,000 documents dating from 2014 to 2017 were stored in the folder, including some passports, drivers’ licenses and compliance-related forms.

Vadix contacted MyHome.ie on 15 and 19 April about the Azure storage issue but did not receive a response, the spokesperson said.

When contacted by The Journal yesterday, MyHome.ie said it had rectified the issue earlier that day and contacted Vadix.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

In a statement, a spokesperson for the company said: “There is no evidence to suggest that the data stored on this folder was accessed at any stage before this matter was brought to our attention. However, we do understand that an as yet unspecified number of these files included personal data.”

The spokesperson could not confirm the number of files in the folder, but confirmed that it was created in 2014.

The Journal has contacted the DPC for comment.

Note: Journal Media Ltd has shareholders in common with Daft.ie publisher Distilled Media Group.

About the author:

Órla Ryan

Read next:

COMMENTS (18)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel