The Irish Aviation Authority (IAA) has had to make a public apology following an error that accidentally published the names of every drone user registered with the authority to every other drone owner.
Irish drone owners who own aircraft weighing more than 1kg are legally required to register with the IAA before they can fly it in any capacity, but drones under 1kg can be bought and flown with no registration.
According to the IAA’s incident report, the breach of data which led to it being shared among all the Irish registered users occurred at 11pm on Sunday (3 April).
“Users were unintentionally given access permission rights to the ASSET system, which allowed them to download information on other registered users,” the statement reads.
Data Protection Commission informed
In terms of what data was shared accidentally, the IAA said that it included users’ names, addresses, email addresses and phone numbers.
However, it has stressed that no financial information on drone users was revealed and that the incident was entirely the fault of the IAA and not the result of a breach caused by an external cyberattack.
With the data being made available as a .csv file, the IAA is now calling on those who have downloaded it to delete it from their systems, but, in the meantime, it took the website offline for two hours to amend the error.
The IAA says it is now taking measures to address the issue having already contacted the Office of the Data Protection Commissioner, but it has not contacted individual drone users directly.
Drone image via Shutterstock
Updated 16:39
This article has been amended to reflect that the IAA has not contacted users directly.
Updated 10:25, 07 April
The IAA has now informed us that all those affected have been informed.
