According to an Irish Times article, 110 Bank of Ireland staff were affected by a data breach earlier this year in which their pay and benefits were mistakenly circulated internally.
A spokesman for the bank confirmed the breach, stemming from the human resources department, where “information relating to some staff was inadvertently emailed to a number of senior managers last April.” The bank took steps to “ensure that there was no misuse of the information and the incident was reported to the Data Protection Commissioner”, he said.
Sources said that the salaries, pension and other benefits of 70 private banking staff and 40 employees in insurance and investments were accidentally sent by a human resources official to about 20 managers in the organisation. They were asked not to send the email and attached document further.
While the sender subsequently managed to recall the message from a number of recipients, others had opened and forwarded it on.
While the bank informed the Office of the Data Protection Commissioner immediately after the error was discovered, it decided not to inform the individuals whose information was circulated. It is believed that this decision was made on the basis that the bank had managed to contain the breach and that the document did not contain bank account details or information that could lead to a financial loss.
“The Data Protection Commissioner received a breach notification, in relation to the matter referred to, by Bank of Ireland on April 28th, 2017, under our Personal Data Security Breach Code of Practice,” a spokesman for the commissioner said.
The risk of such email data breaches can be significantly reduced with Wizuda’s Compliant File Share (CFS) solution. Additionally, in cases where mail has been sent to the incorrect recipients, its retraction capabilities allow users to quickly and easily retract any data that was sent to the wrong recipient, while also giving full visibility over exactly who viewed and downloaded a file.
Wizuda’s CFS solution is an easy-to-use and secure alternative to email for file sharing. The secure file sharing features, along with a multitude of compliance features, enable organisations to share files in accordance with the GDPR requirements. These features include:
- Authorisation workflow reporting ensures any high-risk files are approved prior to sharing, while simple, customisable impact assessment tick boxes give users the ability to request extra approvals based on the determined risk level.
- Anonymisation and pseudonymisation quickly and easily remove personally identifiable information.
- File viewer options give users the ability to restrict access to view only, apply watermarks or give full download capability. Had this feature been in place in the Bank of Ireland situation, the employees who received the email may not have been given the opportunity to download the attached file.
With only six months left until the GDPR comes into force, Wizuda are seeing more and more companies looking to CFS to avoid costly data breaches. To learn more about Wizuda’s CFS solution, click here.
To read more about the Bank of Ireland data breach, click here.