5,000 hit by credit union online data breach
SENSITIVE account details for almost 5,000 credit union customers have mistakenly appeared online.
In a major blunder, the borrowing amounts, loan durations and arrears of 4,971 members of Tullamore Credit Union were made public.
The private database became freely available via the lender's website last week and remained accessible for at least two days, it is understood.
The files provide names and ages as well as the reason for each loan. The sums vary widely, from less than €1,000 to many tens of thousands of euro. The transactions date from 2009 and 2010. However, a limited loan history for each customer is also included in the records.
Billy Hawkes, the Data Protection Commissioner, has been informed and is inquiring into the mishap.
It is understood the credit union, which did not respond to a request for comment, is briefing members on the situation. Mr Hawkes told the Herald his office has received a "preliminary report" from the credit union and is in "contact with them about follow-up".
"We will be in contact with them to find out what happened. This should not happen," he said. "It sounds like a glitch in the IT system which caused an internal document to be available on the website.
"That is the thing we will be exploring. If they are doing that (informing their customers), that's what they're expected to do," Mr Hawkes added.
A shocked customer said he accidentally came across the link while searching the web.
He said he was able to view the private information five times over the space of two days.
"It's an internal mistake from Tullamore Credit Union. I didn't like what I was looking at," the customer told the Herald.
When he informed friends of his whose account details appeared in the documents, their "jaws dropped," he added.