Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

File photo of a woman using a laptop Shutterstock/Thomas Andreas

Personal data of MyHome.ie customers 'inadvertently' leaked online

The Data Protection Commissioner has been notified.

PERSONAL INFORMATION OF customers of property website MyHome.ie was “inadvertently” leaked online, the company has confirmed.

A large number of customer files which were uploaded onto the MyHome.ie “customer relationship management (CRM) system” from 2014 were also, “unbeknownst” to the company, “automatically stored in a temporary folder on the MyHome.ie server”.

This folder was “inadvertently unsecured”, a spokesperson has confirmed. They added that the company has taken steps to rectify the issue by “removing and securing the relevant folder”.

The company has also notified the Data Protection Commissioner (DPC) and people who have used the CRM system since 2014.

The Journal has learned that the breach was discovered by tech company Vadix. During a recent review of publicly available cloud storage, Vadix discovered a large amount of files they believed belonged to MyHome.ie customers.

A spokesperson for Vadix said that over 700,000 documents dating from 2014 to 2017 were stored in the folder, including some passports, drivers’ licenses and compliance-related forms.

Vadix contacted MyHome.ie on 15 and 19 April about the Azure storage issue but did not receive a response, the spokesperson said.

When contacted by The Journal yesterday, MyHome.ie said it had rectified the issue earlier that day and contacted Vadix.

In a statement, a spokesperson for the company said: “There is no evidence to suggest that the data stored on this folder was accessed at any stage before this matter was brought to our attention. However, we do understand that an as yet unspecified number of these files included personal data.”

The spokesperson could not confirm the number of files in the folder, but confirmed that it was created in 2014.

The Journal has contacted the DPC for comment.

Note: Journal Media Ltd has shareholders in common with Daft.ie publisher Distilled Media Group.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
18 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds