Ed­u­ca­tion body apol­o­gises af­ter breach of data se­cu­rity

Irish Examiner - - News - Eoin English

The Cork Ed­u­ca­tion and Train­ing Board (ETB) has apol­o­gised for a data se­cu­rity breach which af­fected a hand­ful of staff.

The breach re­sulted in at least one per­son hav­ing sight of the per­sonal data re­lat­ing to some cur­rent and some for­mer CETB staff.

The com­pro­mised data in­cluded the names and ad­dresses, email ad­dresses and tele­phone num­bers, the em­ployee num­bers and the PPS num­bers of the 10 staff. No bank­ing or fi­nan­cial data was com­pro­mised.

The af­fected staff have been in­formed of the breach, and the Of­fice of the Data Pro­tec­tion Com­mis­sioner has also been no­ti­fied, in ac­cor­dance with data pro­tec­tion reg­u­la­tions.

The ETB said it be­came aware of the se­cu­rity breach on Au­gust 17 and moved im­me­di­ately to deal with the is­sue.

The Ir­ish Ex­am­iner has learnt that the breach in­volved some per­sonal data which is held in the CETB’s part-time staff on­line pay­ments sys­tem data­base.

The CETB said once it be­came aware of the is­sue, it con­sulted with the soft­ware de­vel­op­ment com­pany to ex­plore how and why it hap­pened.

It said it ap­pears that 10 sys­tem users were in­ad­ver­tently granted “in­ap­pro­pri­ate lev­els of func­tion­al­ity” in Septem­ber 2016.

It said the sys­tem’s logs show that only four of these users logged onto the sys­tem since then.

Of these four users, the CETB said it knows that at least one user had sight of some of the per­sonal data of cur­rent and for­mer CETB staff.

“In ac­cor­dance with data pro­tec­tion reg­u­la­tions, the CETB has a pol­icy of ad­vis­ing all staff of data breach in­ci­dences which might in any way af­fect them,” it said in a state­ment.

The CETB has apol­o­gised un­re­servedly to all cur­rent and for­mer staff for the breach and it has moved to as­sure them that as soon as it be­came aware of the breach, all 10 af­fected user ac­counts were shut down and “ap­pro­pri­ate ac­cess rights” were as­signed to those ac­counts be­fore they were re­ac­ti­vated.

The CETB chief ex­ec­u­tive, Ted Owens, told the Ir­ish Ex­am­iner that the per­son au­tho­rised to make pay­ments to staff in one cen­tre no­ticed that he had ac­cess to de­tails re­lat­ing to staff in other cen­tres.

“This breached Cork ETB au­tho­ri­sa­tion stan­dards as only the au­tho­rised staff in each cen­tre should have ac­cess to the de­tails of the staff in that cen­tre,” he said.

“The mat­ter has now been fully re­solved, Cork ETB staff/for­mer staff data is se­cure and no ac­tion is re­quired by staff in this re­gard.”

News of the breach comes just days af­ter AIB apol­o­gised for los­ing per­sonal in­for­ma­tion re­lat­ing to over 500 of its cus­tomers in the west of Ire­land.

Printed ma­te­rial con­tain­ing names, loan and de­posit bal­ances, as well as ac­count turnover and an­nual fees which had been col­lated on a spread­sheet, was lost by a staff mem­ber on Au­gust 31 while trav­el­ling be­tween two branches for an in­ter­nal meet­ing which was or­gan­ised to dis­cuss a gen­eral re­view of branch port­fo­lios.

Most of the ma­te­rial re­lated to ac­count hold­ers around Co Gal­way.

The data did not con­tain con­tact in­for­ma­tion, or cus­tomer ad­dresses and their bank ac­counts re­main se­cure and pro­tected.

The bank has apol­o­gised for the breach and has re­ported the mat­ter to the Of­fice of the Data Pro­tec­tion Com­mis­sioner.

Newspapers in English

Newspapers from Ireland

© PressReader. All rights reserved.