Image: © nevodka.com/Stock.adobe.com
More than half of all breaches occurred in the Department of Social Protection, data revealed.
Most of the nearly 7,000 data breaches that occurred in various Irish Government departments over the last decade can be attributed to human error.
A recent series of parliamentary questions from Aontú Leader Peadar Tóibín TD prompted departments to reveal the frequency of data breaches they’ve suffered in the last decade. The data showed that 3,637 – or more than half the breaches – occurred in the Department of Social Protection alone.
This number was followed by the Department of Justice with 862 breaches and the Department of Foreign Affairs with 757 breaches in the last 10 years.
“The fact that the majority of these breaches relate to the Departments of Social Protection, Justice and Foreign Affairs is concerning – these are the departments which process the most sensitive information,” Tóibín said according to RTÉ.
However, while most of these data breaches were deemed low risk – consisting of staff accidentally sharing personal data with unintended email or letter recipients – there were a small number of ransomware or cyberattacks, the data revealed.
In her response to Tóibín, the Minister for Social Protection Heather Humphreys, TD, said that a “dedicated programme board” is in place, overseeing data protection matters to minimise cyber incidents.
“In addition, my department has in place a set of data protection policies, standards, procedures and guidelines governing the use of its computer systems and customer data,” she said.
While Minister for Justice Helen McEntee, TD, said that her department has implemented measures ensuring the security of personal data.
“All staff are required to undergo data protection training in order to ensure compliance with statutory obligations,” she said.
Brian Honan, the CEO of BH Consulting, a cybersecurity and data protection firm, told SiliconRepublic.com that he thinks the Government’s transparency on data breaches is “valuable” and follows best practices under GDPR.
“The figures,” Honan said, “highlight the public sector’s commitment to transparency – a practice less common in the private sector, where concerns about brand reputation often limit disclosure.
“While the number of breaches may seem high, it’s important to remember these occurred over a span of 10 years.”
Honan, who is also head of the Irish Reporting and Information Security Service, which is Ireland’s first CERT (Computer Emergency Response Team), said that awareness training for staff can reduce the risk of data breaches.
“We can reduce its possibility by effective awareness training, training people on how to handle systems properly and by having technical systems in place.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
