A recent Irish drivers’ data breach stemming from a Limerick-based IT company has put thousands of Irish motorists in a precarious position. The breach, caused by a software error, has left over half a million documents exposed, dating back to 2017.
The IT services firm, which collaborates with tow truck companies working on behalf of the Gardaí, was at the center of this Irish drivers’ data breach.
The compromised information includes vital details for insurance investigations, vehicle registration certificates, notices of car seizures, and even payment card information.
The Irish Drivers’ Data Breach Explained
Jeremiah Fowler, an international cybersecurity researcher, discovered the unprotected online database and promptly informed the Gardaí in August. The exposed data included spreadsheets, vehicle registration information, driving licenses, and other sensitive data, stored by 11 towing companies serving An Garda Síochána.
Fowler revealed that he accessed receipts with full debit card details, along with driver’s licenses and incident summary reports. This critical data could potentially be misused for unauthorized fraudulent activities. Furthermore, confidential documents containing names and details of drivers, witnesses, and multiple Garda officers were also accessible.
The exposed images in this Irish drivers’ data breach were high-resolution scans of sensitive personal documents, heightening the risk of identity theft and scams through emails and texts.
The Gardaí swiftly launched a data breach investigation, asserting that towing companies were obligated to safeguard any information provided to them by An Garda Síochána.
Opening Irish Drivers’ Data Breach Investigation
According to the owner of the IT services company, the issue arose during the implementation of a new software release for the data service provided to the towing companies. He categorized it as an “error” and emphasized that the majority of the exposed data was unrelated to An Garda Síochána, reported The Irish Independent.
Within 70 minutes of being notified, the firm secured the database and conducted a forensic audit. They also followed all necessary data privacy and legal protocols in reporting the incident to relevant authorities, including the Data Protection Commissioner.
However, it has been clarified that the IT services company was not the ultimate data controller. The Data Protection Commissioner is now working to identify the entity responsible for safeguarding the exposed data in this Irish drivers’ data breach.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.