After a data breach involving sensitive bank details being sent to the wrong customers, Irish Water has improved its security controls as well as providing additional staff training.
Senior Irish Water officials uncovered a data breach in which up to 15 customers had details relating to direct debits posted to the wrong address.
According to Irish Water briefing notes, the public utility company claims to have significantly tightened its controls surrounding the use of customer data as a result of the breach.
“Irish Water has put in place a range of mitigating measures to ensure that these incidents, the primary cause of which is human error, do not happen again. These measures include no longer accepting direct debit mandates by phone, as well as instigating further training and widening the scope… of the quality control process”.
A little too late?
There’s no doubt that this breach could have been avoided if Irish Water had previously implemented tighter controls and provided more than adequate training to their staff.
The insider threat is present in every organisation, whether the threat is intentional or not. Organisations that want to avoid having a data breach (100% of organisations, I hope) must provide regular information security staff awareness training.
As cyber threats grow, it’s important that other threats to data aren’t forgotten about – in this case, sensitive letters.