THE GAA’s entire membership database containing details of over half a million people was stolen and copied, it has emerged.
The details included dates of birth, mobile and landline numbers and e-mail addresses along with sensitive medical information about 544 players. It also contains names and addresses of the GAA’s 167,175 players who are under 18.
The theft was first notified to the association on November 19th, but the information was only made public yesterday.
The information was stolen from the Belfast-based IT company Servasport. It maintains the GAA’s database on behalf of the association.
The information was copied on to disks and sent to the Office of the Data Protection Commissioner and the Gaelic Players’ Association in the South and the Information Commissioners Office in Belfast.
The disks were forwarded to GAA headquarters who in turn passed them on to the PSNI to investigate. Police arrested a man who has been released on bail pending further inquiries.
One line of inquiry being pursued is that the person who leaked the information had a grudge against Servasport and wanted to embarrass the company.
Former GAA president Nickey Brennan, who is head of the association’s IT committee, said they could not disclose the information before yesterday because of the nature of the PSNI investigation.
“We have been completely upfront about it. We are not hiding anything,” he said.
He assured GAA members they had nothing to fear from the leak of the database because it contained “low-level information” and no financial details were disclosed.
Mr Brennan said the association regarded it as a “serious matter” but he was convinced that there were no sectarian motives.
“The members don’t have anything to worry about. However, it is important that the GAA is taking this seriously. We are annoyed that this has happened. When something like that happens, there is a process and a protocol that has to be observed under the law. We had to comply with the request of the Data Protection Commissioner.”
Association director general Páraic Duffy has written to every club stressing that Servasport had issued an “unreserved apology” to the association and all its members for the database breach.
The Office of the Data Protection Commissioner has sought to assure people that there is no evidence to suggest that the leak in question was for an illegal purpose or to perpetrate identity theft.
The GAA has set up a helpline for those affected on 1890 987 807 or 0800 0114787 from the North.