Bank of Ireland has been fined €463,000 by the Data Protection Commission for a series of data breaches affecting customer personal information.
The DPC says it investigated 22 personal data breach notifications made by the bank between November 2018 and June 2019, affecting more than 50,000 customers.
The notifications related to the corruption of information in Bank of Ireland’s data feed to the Central Credit Register (CCR), a centralised system that collects and securely stores information about loans.
The problem led to some unauthorised disclosures of personal data as well as accidental alterations of data on the CCR.
The DPC says it has concluded that 19 of the reported incidents count as breaches under the General Data Protection Regulation (GDPR).
The bank has been fined not only for the breaches but for delays in communicating with the affected customers. The DPC has also ordered corrective action.
Says a bank statement: "Bank of Ireland fully acknowledges, and sincerely apologises for, these breaches. The Bank takes its regulatory and compliance obligations very seriously and regrets that it has fallen short in this way."
This is not the first fine Bank of Ireland has faced in recent times. In December, it was hit with a €24.5 million fine by the central bank over IT deficiencies that took over a decade to fix.