[BreachExchange] Civil Service payroll system suffers further data breach (Ireland)

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jan 23 18:57:17 EST 2017


http://www.irishtimes.com/news/ireland/irish-news/civil-service-payroll-system-suffers-further-data-breach-1.2948177


PeoplePoint, which runs the payroll service for about 31,000 civil
servants, has suffered another data breach after a report containing data
about thousands of individuals was sent to a human resources official in a
Government department.

It is understood that the file was sent to an official in the Office of the
Revenue Commissioners and contained details about staff not employed in
that department.

The service has been the subject of multiple complaints from civil servants
and has previously suffered at least two inadvertent data breaches. It was
recently audited by the Data Protection Commissioner.

PeoplePoint, part of the Government’s National Shared Services Office
(NSSO), was established in 2013 and handles payroll and leave requests from
civil servants.

A spokeswoman for the NSSO confirmed that an internal data breach had
occurred at PeoplePoint, but she could not immediately confirm the number
of people or records affected.

“An encrypted report was transmitted through the secure document management
system to one Civil Service HR professional, containing data relating to
civil servants not employed by that department,” she said. “Notification
has been made to the Data Protection Commissioner. The matter is being
taken very seriously and an investigation into why it happened was
initiated immediately. Further details will be made available as soon as
possible.”

A spokesman for the Data Protection Commissioner confirmed it had received
a report of the breach last week and was liaising with PeoplePoint on the
matter.

“Such liaison is treated as confidential,” he added.

He said that the office’s audit of PeoplePoint had concluded and that a
report was currently being finalised, with a view to it being issued to
PeoplePoint “very shortly”.

It is believed the most recent data breach occurred on January 12th.

Last April, a spreadsheet containing details of 1,914 Civil Service staff,
including their names, PPS numbers, grades and details of special leave
taken, was sent to a Government department’s HR manager, who had sought
details about its own staff.

There was also a data breach in November 2015 when the personal details of
more than 300 civil servants were sent by PeoplePoint to HR departments
other than their own.

Since PeoplePoint’s introduction, there have also been reports of other
instances of personal information being disclosed to the wrong managers or
departments. In addition, there have been complaints about how the system
recovers salary amounts overpaid when an individual has been on sick leave.