BUS ÉIREANN HAS notified the Data Protection Commission after it published commercially sensitive material for up to 80 companies on a procurement website.

It said it “inadvertently” released the information containing details for the contracts and pricing of 119 school bus routes used over the past five years.

The names of the nearly 80 coach companies involved in the scheme were also included, it is understood.

One industry source warned that ramifications arising from the breach include a danger that small coach companies in the sector may be undercut by larger competitors due to the prices being revealed.

The semi-state is contracted to run the school transport scheme but the vast majority of routes are handled by private operators.

It uploaded a new tender for the nation’s school bus routes on a procurement portal last Friday 12 July but had mistakenly included the commercially sensitive information about the companies.

The new tender scheme covers school bus routes for the next five years.

In a statement to The Journal, Bus Éireann confirmed that a “data breach did occur” through its schools transport procurement portal and that it concerned the “rate for contracts” that expired last month.

The company said it had assured transport operators that the breach was an “isolated incident” due to “human error” and that it “regrets that this unintentional incident” ever occurred.

“Bus Éireann wish to assure all school transport operators this is an isolated incident and that we are taking appropriate steps to address matters through enhanced controls to ensure the continued integrity of the School Transport procurement process.”

It said the contract details were “uploaded to the site at approximately 9pm” last Friday 12 July and stressed that the “error was discovered at approximately 9.15am” the following morning. The company said it quickly removed the material from the site following this.

However, some coach companies saw the information in the few hours it was available.

The Journal has learned that the company has since had to contact some coach companies this week asking them to “immediately delete” contract details that were downloaded last week.

A spokesperson for the Coach Tourism and Transport Council, the largest representative body in the country for commercial bus operators, said that it had has been engaging with Bus Éireann on the “alleged breach of operators’ data”.

“We continue to provide support and advice to all of our members on any issues affecting their business. We have no further comment to make at this time.”