As of 23 October 2023, An Gardai Sochana is at the centre of a significant data breach, leaving thousands of drivers' documentation vulnerable to hackers. This story is still developing, but as a specialist GDPR legal firm, we wanted to look into this story in more detail to give our site users a better understanding of what's happening.
How did this data breach occur?
This data breach relates to vehicles that an Gardai have seized. An Gardai have contracts with private towing companies, who seize vehicles on an Gardai's behalf. When a vehicle is detained, the registered owner must present various documents to an Gardai, including identification, insurance documentation and tax receipts. They are also obligated to pay the costs of the vehicle tow and the subsequent storage.
According to the Irish Independent, the data breach was caused by a software error at a Limerick IT firm retained by the various private tow-truck companies contracted by an Gardai Siochana.
Currently an Garda are claiming that they are not at fault for this significant data breach perhaps hinting that the IT firm is ultimately to blame however this view is very much open to question given that liability rests with the Data Controller and it is for the Courts and The Data protection Commissioner to decide who is responsible and liable to compensate the parties concerned.
What type of documentation was leaked?
As stated, under Irish law, after a vehicle is detained, the owner must provide various documentation. This documentation is required to prove that they own the vehicle. According to Jeremiah Fowler, the cyber-security researcher who exposed the leak, there are 2 to 5 documents related to each seizure case.
The kind of documentation leaked includes vehicle registration certs, insurance investigations, and notices of car seizures, and because individuals are required to pay the tow and storage costs, payment card details were also exposed.
How long was this sensitive information accessible?
As of now, we don't know how long this data was freely accessible. Cyber-security researcher Jeremiah Jowler notified an Gardai about the breach in August. Mr Fowler discovered that over 500k records were contained in a database that wasn't password protected.
How do I know if my data has been exposed?
If you have had a vehicle seized by an Gardai, from 2017 onwards, your data may have been exposed in this breach. Under GDPR (General Data Protection Regulation), if a breach has compromised your data, the organisation controlling the information is legally required to notify you of the breach. They are also required to inform the relevant authorities.
How do I protect myself if my data has been exposed?
Unfortunately, any data breach that includes financial information leaves you vulnerable to unauthorised transactions. We recommend monitoring your bank account and bank statements for any suspicious activity. It's imperative to report any unauthorised activity to your bank immediately.
Personal data can be used by criminals to steal your identity. They can use this information to access financial services in your name. We recommend monitoring your credit reports or joining a credit monitoring service to help you identify potential identity theft.
Are there grounds for a legal case
This depends on your circumstances. If you suspect your data has been breached or, worse, if hackers are already using your private data for illegal activities, we recommend contacting our GDPR solicitor's office today. We can set up a consultation to discuss the details of your possible case.