'Technical problem' exposed data of everyone who registered drone in last five months - IAA
The Irish Aviation Authority (IAA) has said that “a technical problem” has exposed the names, addresses and phone numbers of everyone who registered a drone with it in the last five months.
The regulatory body had threatened fines for those who bought a drone and did not register the device in its online database.
However it now says that the system allowed users to download the confidential details of those registered with the organisation.
The IAA does not know how many people have had their personal details compromised, nor how many times the register was accessed.
“Our investigations suggest that the error may have been in place since a software upgrade took place on the 11th March,” a spokesman for the organisation told Independent.ie.
“We believe very few people accessed the data and that they are from within the drone and aeromodelling community. We are asking all those who accessed the data to meet their obligations under the Data Protection Act and delete the information.
The register database has been in place since December 2015.
“At approximately 11pm on Sunday 3rd April, the IAA became aware of an error with the IAA Asset system used to register drones,” said the spokesman. “It has become evident that registered users were unintentionally given access permission rights to the Asset system, which allowed them to download information on other registered users via a CSV file. This data included names, addresses, email addresses and phone numbers. No other information was accessible and it must be highlighted that no financial data was included.”
The regulatory body said that it has informed the Office of the Data Protection Commission.
“Upon notification of the erroneous permission the IAA worked with its system supplier, CGH, to quickly resolve the matter,” said the IAA spokesman. “The system was taken offline, fixed, tested and restored within two hours.”