Electric Ireland data breach On 9 November 2023, Electric Ireland announced that some 8000 of its customers had been affected by a data breach, leaving them open to potential fraud. If you were among the customers affected by the data breach, we can provide you with specialist advice about what to do next.
What was the Electric Ireland data breach?
In early November, Ireland’s largest electricity company, Electric Ireland, released a public statement that the data of approximately 8000 of their 1.1 million customers had been exposed in a data breach.
Electric Ireland said the employee of a company working on its behalf could have inappropriately accessed the personal and financial details of its customers, which could lead to the misuse of their data.
The company said it had written to affected customers with instructions about what to do next and to contact them directly if they had been victims of fraud.
It confirmed the breach is being investigated, and An Garda Síochána and the Data Protection Commissioner are involved.
While Electric Ireland works to address the breach, its customers now carry the burden and anxiety of having to safeguard their accounts, with some having to deal with the impact of fraud.
What does the law say about a data breach?
The law is very specific about the use of your personal and sensitive data. It says when an organisation collects and uses your data, that it has a legal duty of care to protect it. Furthermore, it can only use your data for the purposes for which you have given permission.
The law governing data use and protection is called the General Data Protection Regulations (GDPR). It applies throughout the European Union and is the strictest privacy and security law in the world.
Under the GDPR, organisations have strict obligations when collecting, storing and using your personal data and must ensure it remains accurate, current, and is being used solely for the reason you specified. If not, the organisation is compelled by law to delete your data.
Another important aspect of the GDPR is that the data must be made available to you when you request it.
In the event of a data breach of your personal information, the organisation must notify you within 72 hours.
There are severe penalties for organisations who do not comply with the GDPR. The most serious breaches can expose an organisation to a fine of up to €20 million or 4% of a firm’s annual revenue from the preceding year, depending on what is higher.
You can find out more about the GDPR at the Citizens Information website.
Do I need data protection?
If you have been notified that your data has been involved in a breach, you should first find out what data has been compromised.
Then you can take steps to secure your online personal and financial accounts and advise the relevant organisations (such as your bank or the Department of Social Protection) of the breach.
Data breaches can be extremely stressful and affect a number of areas of your life. Depending on how your data has been misused, there is the potential for fraud, financial loss, and a whole host of troubling emotions, including anxiety, embarrassment, and anger.
The GDPR outlines your rights in the event of a data breach and provides a pathway for you to help recover the cost of any financial damage and emotional anguish you have experienced.
If you have been affected by the Electric Ireland data breach, we can help relieve some of the stress and anxiety you might feel.
We are specialists in data protection law and the GDPR and can advise you about your rights and how to handle a data breach that has resulted in you falling victim to fraud.
Talk to a member of our team who understands what you’re going through.
Call us now at 01 264 5555 or complete our Online Enquiry Form for expert advice and legal support you can count on.