The Central Bank of Ireland has admitted to a data breach in its credit register (CCR), which could have adversely impacted thousands of borrowers seeking credit. The breach involved outdated data for May, June, and July of 2018 that was not deleted due to a technical error. This outdated information was included in credit reports sought by lenders between June 1st and August 7th. While the data was accurate, the additional three months of information should not have been available and constitutes a data breach under data protection legislation. The bank confirmed that no borrower data was accessed by unauthorized third parties.
The CCR is a database that records whether borrowers have met credit agreements by repaying on time and in full. These agreements include loans, overdrafts, credit cards, and mortgages. Lenders consult the CCR to determine whether to approve loans. The CCR is supposed to hold repayment records for five years before deleting them automatically. However, records for May, June, and July of 2018 were not deleted as they should have been.
The Central Bank discovered the error following an inquiry from the public at the beginning of August and took immediate action to fix it. Remediation began on August 4th and was fully resolved by August 7th, 2023, with the database reflecting the correct five-year retention period.
The bank’s investigation found that of around 476,000 total inquiries made for CCR information between June 1st and August 7th, records of approximately 20,500 borrowers contained performance data pointing to repayment difficulties in May, June, or July 2018. The Central Bank has notified the Data Protection Commission and is liaising with lenders to gauge the impact on potential borrowers.
Source: RTÉ
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.