THE BANKING details and Personal Public Service numbers of at least 2,000 employees from seven different public bodies were stored on laptop computers that were stolen in recent years.
The Comptroller Auditor General's (CAG) office, which owned the laptops, refused to name the public bodies yesterday. However, they are understood to include Government departments and semi-State agencies.
Over the past week the office told the public bodies affected, who in turn have been alerting relevant staff members or clients about the data breach.
Gerry Smyth, the secretary and director of audit at the CAG's office, said it was not in the public interest at this stage to disclose the names of the public bodies affected.
"We feel it is our responsibility to ensure the people affected are informed about this. We've been as open as possible about what information has been lost and we feel there is no need to go beyond that," he said.
This latest data breach came to light following an internal inquiry into the data held on 16 laptops which have been stolen from the CAG's office since 1999.
During the process of auditing files and interviews with staff, officials concluded that three of these laptops contained information which could be misused.
One of these included the personal data of 380,000 social welfare recipients. The two others contained payroll information such as Personal Public Service numbers or bank account details.
Although the data was held on password-protected computers, it was not encrypted.
Mr Smyth said steps have been taken to reduce the risk of any recurrence through ensuring that accounting data transferred to laptops is done through encrypted media; prohibiting the transfer of personal data via email; and gathering all historic data on portable media and holding it securely for destruction.
Mr Smyth said that arrangements have been put in place for a security audit to be conducted by the Office of the Data Protection Commissioner. An independent review will also be undertaken of the way the office uses and stores sensitive data.
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/d44f2db9-df8f-4862-a014-cc272b77d22c.png)