It is understood that a number of users of the Irish national postal service An Post have been subject to an accidental data breach that has meant some of their personal details have been made available to a third party.
Apparently as many as 8k An Post customers who asked the company to redirect their mail to a new address have had their details shared with a subsidiary without their knowledge or permission. Thousands of customers who input their new details in the company’s mail redirection service have had their data inadvertently included in another file containing details from customers who had explicitly given permission for their name and address to be used to update external databases.
The problem occurred between April 2016 and September 2017. When An Post discovered the problem, they informed the Data Protection Commissioner (DPC) in Ireland and an investigation was carried out. They wrote to people who may have been affected:
- Your new address may have been updated on the records of companies you interact with, and you may have received letters from some companies to your new address instead of your old address. Please be assured that Data Ireland never discloses names and addresses from the file they receive from An Post to direct marketing companies.
– An Post
In this case the problem was the result of an error rather than a malicious hack but it does seem that An Post have been reluctant to release details in good time.