Bank of Ireland to be investigated over reported online banking data breach

There were roughly ten incidents in which a person logged in to Bank of Ireland's online portal and was presented with the details of someone with a similar or the same name. File Picture.

Bank of Ireland's online banking systems are to be investigated by the Data Protection Commission (DPC) after it emerged some of its customers had been shown the financial details of other people.

The alleged data breaches stem from the institution’s online self-service portal Banking365.

It is understood that when individual customers logged onto the system, they were presented with the banking details of other people with either a similar or the same name.

Banking365 was not taken offline at any time due to the problem. There were roughly 10 incidents, which stemmed from human error, according to the bank.

“The DPC has commenced an inquiry into Bank of Ireland, in particular the Banking365 platform,” a DPC spokesperson said.

“This own-volition inquiry will focus on a number of breach notifications received by the DPC between January and April this year.”

In a statement, Bank of Ireland said, “We reported a small number of breaches to the DPC involving the data of individual customers which occurred during the first half of this year.

“The majority of the breaches involved human error or manual mistakes within the bank.”

Firms that discover such data breaches are required by law to inform the Data Protection Commission of each instance.

Under the EU General Data Protection Regulation (GDPR), national regulators have the power to fine individual companies for breaches of the regulation.

Three of the top four companies, in terms of complaints submitted to the DPC since the implementation of GDPR, are banks: Bank of Ireland, Permanent TSB, and AIB.

Bank of Ireland is currently also subject to an ongoing investigation by the DPC regarding 22 breach notifications delivered by the bank itself.

Those notifications relate to the bank allegedly submitting inaccurate information to the Central Credit Register, with a corresponding risk that some customers’ credit ratings contained inaccurate information. That inquiry began in November 2019.

The DPC recently implemented its first fines of the GDPR era, both of which were aimed at child and family agency Tusla.


© Examiner Echo Group Limited