A data breach at a third-party contractor for the Irish National Police has exposed the records of seized vehicles. The breach, which was discovered in late October 2023, affected over 150,000 vehicles.
The database contained records from numerous private towing and storage companies acting as private contractors on behalf of Garda Síochána also known as the Irish national police service.
The records included notices of automobile seizure as well as destruction notices, release documents, scanned identification documents, insurance investigation inquiries, certificates of vehicle registration, and other documentation relevant to the detention of a vehicle.
Additionally, there were spreadsheets and monthly reports that included vehicle and registration information, names of vehicle owners, contractor information, and other potentially sensitive data. The total number of documents was 521,043 with a total size of 271.8 GB.
The exposed data includes vehicle registration numbers, make and model, VIN numbers, and the dates and reasons for seizure. The breach also exposed the names and contact information of the vehicle owners.
What To Do If You Are Affected by a Breach? Here Are Some General Suggestions
GDPR (General Data Protection Regulation) regulations apply in Ireland, and organizations are required to take data incidents seriously and notify both the relevant authorities and affected individuals promptly. GDPR grants individuals the right to have their personal data protected and to be informed about data breaches that may affect them. If you ever receive such notice or have reason to believe your data may have been exposed online, it’s important to identify and mitigate potential risks.
The Irish National Police has said that it is investigating the data breach and is working to notify the affected vehicle owners. The police have also said that they are taking steps to improve their data security measures.
