There must have been a certain amount of schadenfreude in the executive ranks of Irish banks this week following the news of a data breach at the Central Credit Register, which is controlled by the Central Bank of Ireland.
For the past 15 years, the financial regulator has beaten up the banks on a variety of issues, including the tracker mortgage scandal and various technology outages that have left consumers without access to their accounts and funds (most recently with Bank of Ireland last week).
The Central Bank has talked tough on the failings of various lenders and issued chunky fines to errant financial services providers. So news that the Central Bank is fallible must have given rise to a few wry smiles among bankers.
‘There’s no farming without profit, it’ll be gone in the morning if there isn’t money’
The Central Bank’s admission that there had been a data breach involving the credit register is hugely embarrassing. To add to its embarrassment, the Central Bank has had to report the breach to the Data Protection Commission.
The breach involved the central credit register holding on to personal credit histories for longer than allowed, possibly affecting the ability of people to seek loans from banks or other lenders, although the number of people affected by the breach has not been confirmed.
The regulator conceded that the error could have influenced loan applications for up to 20,500 people but said it could not at this point determine accurately the extent to which it “adversely affected” anyone seeking credit.
Lots of questions about the data breach remain to be answered, including who is carrying out the investigation into the breach, what are the terms of reference and will the findings be published. We still don’t know how many people were affected negatively. And if it’s found that some consumers were denied a loan, overdraft or mortgage, will there be redress or compensation?