MyHome.ie reports personal data leak to authorities

19 May 2021

Image: © Aldeca Productions/Stock.adobe.com

The issue, which relates to unsecured personal information on the property website from 2014, has been reported to the Data Protection Commission.

Property website MyHome.ie has reported a potential data breach of personal information dating back to 2014 to the Data Protection Commission.

It stems from customer data being uploaded to an unsecured folder on its server in 2014.

“It has come to our attention that customer files which were uploaded onto the MyHome.ie customer relationship management (CRM) system from 2014 were also, unbeknownst to us, automatically stored in a temporary folder on the MyHome.ie server. This folder was inadvertently unsecured,” the company said in a statement.

Some 700,000 documents are believed to have been in the unsecured folders, including ID documents. MyHome.ie, which is owned by the Irish Times, has since secured the folder and has notified the Data Protection Commission (DPC) of the issue.

“There is no evidence to suggest that the data stored on this folder was accessed at any stage before this matter was brought to our attention,” the company added.

“However, we do understand that an as yet unspecified number of these files included personal data.”

TheJournal.ie reported that the information was found by a tech company called Vadix after a recent review of data available on public clouds. Vadix said it flagged the issue with MyHome.ie last month.

News of the incident comes during a particularly tense time in Ireland for cybersecurity and data protection as Ireland’s health service continues to recover from last week’s devastating ransomware attack that saw many services shut down.

Since that time, a number of small Irish internet service providers were hit by denial of service attacks but there does not appear to be a link between those attacks and the ransomware attack on the HSE.

Jonathan Keane is a freelance business and technology journalist based in Dublin

editorial@siliconrepublic.com