Civil servant data breach a result of a 'momentary lapse in concentration'

300 civil servants in Ireland had their unencrypted personal details sent to other HR departments

Over 300 civil servants in Ireland have had their personal details sent to other HR departments, after the shared payroll system suffered a data breach.

PeoplePoint, the HR systems provider, is part of the civil service's shared HR & pensions centre based in Clonskeagh. One of its employees managed to email a report relating to several civil service departments to a number of other local HR departments, the Irish Times reports.

The report contained personal data of 317 people, including their names, PPS numbers, grade, department and details of overpayments. All of the details were unencrypted.

In a report sent to Ireland's data protection commissioner in October, PeoplePoint's data protection compliance team blamed the error on a "momentary lapse in concentration on the part of the officer responsible".

"The report was not intended for circulation by email as it is not part of the process or practice to do so. Unfortunately, as it was not meant for distribution in this way, it had not been encrypted," the report said.

The firm said that the error had been spotted instantly by the officer, but he had failed in his efforts to recall the email.

It said that remedial action was then taken, with a follow-up email asking recipients to confirm that they had deleted the email and that they had not copied any of the data, or forwarded the email.

The head of PeoplePoint had to liaise with the officers of the affected departments in order to work out how they would come up with a follow-up plan.

The Civil and Public Services Union said in an update that it was working with other unions who had been affected by the breach.