Advertisement
We've partnered up with Nixers.com to offer a space where you can talk directly to Peter from Nixers.com and get an exclusive Boards.ie discount code for a free job listing. If you are recruiting or know anyone else who is please check out the forum here.
If you have a new account but can't post, please email Niamh on [email protected] for help to verify your email address. Thanks :)

MyHome.ie customers leaked online

  • 19-05-2021 11:30am
    #1
    Registered Users Posts: 2,316 ✭✭✭ Tow


    Following on the from HSE's issues. It looks as if MyHome.ie has exposed 700,000 of their customer's compliance documents (driving licences, passports etc) on the internet.

    Personal data of MyHome.ie customers 'inadvertently' leaked online:
    https://www.thejournal.ie/myhome-ie-customer-data-leak-5441232-May2021/


Comments

  • Registered Users Posts: 11,725 ✭✭✭✭ wes


    Basically, IT is heavily underfunded in most organizations, and basically you get best effort from the IT staff. That is assuming it hasn't been outsourced to the lowest bidder, or even if the out source company is good, they aren't given enough budget to actually manage the infra correctly.


  • Registered Users Posts: 7,656 ✭✭✭ Fann Linn


    Not related to this case or the HSE case specifically, but could someone sue a body be they private or State if their info is leaked? Just asking the question because I see it that if there was a penalty or reaction for this type of thing, then bodies may improve their IT security.


  • Registered Users Posts: 14,305 ✭✭✭✭ jimmycrackcorm


    wes wrote: »
    Basically, IT is heavily underfunded in most organizations, and basically you get best effort from the IT staff. That is assuming it hasn't been outsourced to the lowest bidder, or even if the out source company is good, they aren't given enough budget to actually manage the infra correctly.

    It's not so much underfunding as a lack of maturity in anti-cybercrime as an IT activity. Many organizations won't have any security specialists, not because of a lack of funding, but a lack of understanding of what is required.


  • Registered Users Posts: 3,840 ✭✭✭ fvp4


    Why do people upload passports to MyHome?


  • Registered Users Posts: 10,733 ✭✭✭✭ B.A._Baracus


    I would chalk that up to "human error" :p
    Be it the developer in charge didn't realize the data was in a folder on the server or simply did not care that day and marked the job as done :pac:


  • Advertisement
  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 62,232 Admin ✭✭✭✭✭ Beasty


    Fann Linn wrote: »
    Not related to this case or the HSE case specifically, but could someone sue a body be they private or State if their info is leaked? Just asking the question because I see it that if there was a penalty or reaction for this type of thing, then bodies may improve their IT security.
    Yes. Question is though how do you/can you quantify damages?

    It's also a GDPR failure leaving potentially significant penalties in addition to any damages


  • Registered Users Posts: 4,951 ✭✭✭ Allinall


    I have uploaded my passport and driving licence details to so may sites ( Banks, Pension, insurance, hotels, airlines etc.)at this stage that I have no doubt if someone put their mind to it, they could find them online.

    It doesn't keep me awake at night.


  • Registered Users Posts: 1,311 ✭✭✭ Sam Hain


    Allinall wrote: »
    I have uploaded my passport and driving licence details to so may sites ( Banks, Pension, insurance, hotels, airlines etc.)at this stage that I have no doubt if someone put their mind to it, they could find them online.

    It doesn't keep me awake at night.

    I wonder does the Romanian you sleep soundly?


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 62,232 Admin ✭✭✭✭✭ Beasty


    Just to add, many companies go through a massive exercise to protect their reputation if they are hacked. Many offer free credit checking (perhaps less relevant in Ireland). If someone gains financially from something like this, then it's clearly a cost to someone. If that's the consumer then compensation would be expected. Stealing an ID is not necessarily directly impacting on the consumer, but indirectly there can be a hell of a lot of hassle involved. That's where it becomes much more challenging to quantify any damages

    Many businesses will have insurance against such leaks. Typically though as soon as a claim arises premiums will rocket. The costs of upgrading IT systems and the like will usually be very substantial and that is unlikely to be covered by insurance (as it reflects lack of prior investment in the systems)

    Following a number of high profile cases many large businesses have invested massive amounts in adding additional layers of protection. Small to medium sized businesses are unlikely to be able to fund IT systems that offer maximum protection.

    Regardless of all of that, no system can ever be completely foolproof and there are limits to how much businesses can invest in improving systems. Many are arguably lucky that they are never targeted, or ignorant to the fact their systems have already been breached


Advertisement