CONNECT WITH US TODAY
Be the first to know the latest news and updates























Data Protection Commission said appropriate security protocols were not followed by the banks in three incidents
As part of the inquiry, the DPC said it assessed the appropriateness of PTSB’s technical and organisational measures for ensuring the security of personal data that it processed through its Open24 Contact Centre.
The Data Protection Commission (DPC) has ruled that PTSB did not follow appropriate security protocols during a series of data breaches in which malicious actors posed as bank customers to access individuals' account details.
Announcing its final decision on Friday, the data watchdog noted three incidents in which people called PTSB’s ‘Open24 Contact Centre,’ posing as customers to gain access to their accounts and amend account details.
In all three incidents, appropriate security protocols were not followed, the DPC said.
The malicious actors were able to change details associated with the accounts and obtain additional account information. As a result, account holders were exposed to an increased risk of additional fraud. The account holders were forced to close their accounts, and, in some cases, suffered financial loss.
As part of the inquiry, the DPC said it assessed the appropriateness of PTSB’s technical and organisational measures for ensuring the security of personal data that it processed through its Open24 Contact Centre. The DPC also assessed whether PTSB notified the DPC of the breaches within the timeframes required by the GDPR.
The watchdog found that PTSB "infringed the principle of integrity and confidentiality" of Article 5 of GDPR by "failing to ensure appropriate security of the personal data related to customer accounts using appropriate technical and organisational measures."
It also ruled that it infringed the 32nd article of GDPR, by failing to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by its processing of personal data within the Open24 Contact Centre and infringed Article 33 of GDPR by failing to notify the DPC without undue delay and within 72 hours of becoming aware of the breaches.
In light of these infringements, the DPC has reprimanded PTSB, fining the lender €250,000 for the infringements of Articles 5 and 32 of GDPR, and fined an additional €27,500 for the infringement of Article 33 GDPR.
The DPC will publish the full decision in due course.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
Newsletter
![]()
News and analysis on business, money and jobs from Munster and beyond by our expert team of business writers.
Push Notifications
By clicking on sign up you will be the first to know about a selection of business content on this browser. Please note if you are unable to sign up via your mobile web browser, download and sign up for mobile push notifications via our FREE news app.
Newsletter
![]()
News and analysis on business, money and jobs from Munster and beyond by our expert team of business writers.
Newsletter
![]()
Get a lunch briefing straight to your inbox at noon daily. Also be the first to know with our occasional Breaking News emails.

Newsletter
![]()
Had a busy week? Sign up for some of the best reads from the week gone by. Selected just for you.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。