A cross-border investigation has been launched on a breach into a database of over 500,000 GAA members that also includes health information of 544 members.
The data base contained information on 501,786 members. There were 288,511 dates of birth, 107,212 mobile numbers, 63,695 landline numbers and 30,171 email address within the breached base.
167,157 of these members are under 18, however, the GAA have stated that no mobile or email address were in the database for these people.
In 544 cases, data on health conditions of members were accessed. The GAA is writing to people whose health data was affected.
The breach occurred through “unauthorised access” into the system, according to the Office of the Data Protection Commissioner. No equipment was stolen and exactly how the unauthorised access happened is uncertain at this point.
The database is provided and maintained by Servasport, a Belfast company, who informed the GAA of the breach.
The GAA and the Office of the Data Protection Commissioner is working with the Information Commissioner’s Office in Belfast and the PSNI in the case.
The Office of the Data Protection Commissioner wishes to assure that there is “no evidence as of yet” that the data will be used for illegal purposes or to perpetrate identity theft.
However, they advise GAA members to be cautious in relation to “any unsolicited contacts” they receive through the post, over the phone or through email in regards to their GAA membership that ask for further personal information.
The GAA has informed all clubs of what happened and has set up an information line at 1890 987807 for the Republic of Ireland and 0800 011 4787 for Northern Ireland.
Deloitte have been engaged to undertake an independent review of Servasport and other IT suppliers of the GAA.