THE private bank accounts of nine Irish Rail employees were "inappropriately accessed" by an agent hired by the company.
A probe by the Data Protection Commissioner found that the man who "played a key role" in accessing bank accounts was operating from overseas and was now dead.
An Irish private investigator who was also interviewed in the probe was "not involved" in accessing accounts.
The investigation was launched in 2010 after the allegations emerged in a High Court dispute between Irish Rail and a senior manager who was involved in investigating fraud in the company.
A statement issued by the Data Protection Commissioner's office this weekend said Irish Rail "acknowledged" the "unacceptable level of surveillance" on employees: "It was apparent to the investigation that one senior manager at Irish Rail authorised the surveillance and accessing of bank accounts without the knowledge or approval of management."
The investigation found "that the private bank accounts of nine employees or former employees of Irish Rail were inappropriately accessed in 2007. The bank accounts were held in four different financial institutions".
Because of the passage of time, the investigation was unable to identify "precisely how or when" employee bank accounts had been accessed. "In one case, however, the investigation did find evidence of an unsuccessful attempt by an individual by means of a telephone call to obtain bank statement information in respect of one of the bank accounts concerned," the statement said.
"The investigation was satisfied that this attempt to inappropriately access bank account information was made by an individual phoning from outside of the State."
The statement continued: "It also emerged that the individual who played the key role in accessing information from the bank accounts was operating from outside of this jurisdiction and that he is since deceased."
The investigation was also told how a GPS tracking device was fitted on the car of an employee of a contractor of Irish Rail, and the emails of 35 employees were monitored.
The investigation into the data protection breach at Irish Rail remains "open".
A spokesman for the commissioner said Irish Rail co-operated fully with its investigation, acknowledged that "an unacceptable level of surveillance" was carried out, and blamed one senior manager for authorising it without the knowledge of management. The manager was involved in investigating and exposing fraud within the company.
Irish Rail alleged the manager had accessed bank details of some staff and emails of others were monitored.
According to a statement, private investigators can no longer be hired by Irish Rail without the written permission of the chief executive.