Yet more social welfare leaks

Today’s Irish Independent reveals still more leaks from the Department of Family and Social Affairs, along with information that the leaks were used by criminals to target their victims. As we’ve said before, there is a systematic problem of staff in public bodies abusing sensitive personal information, and no evidence of any political will to stop it. This case raises some serious questions:
* It is apparently “common practice” among department employees to be “checking people casually”. What does the Minister intend to do about this? How many employees have been sanctioned for doing this?
* Why did the Department conceal this case and express concern that it might “go public”?
* Why did the Department fail to discover this leak, acting only when notified by Gardai?

If you share our concern, you can click here to email the Minister, Martin Cullen looking for answers.

Full text:

Civil servant mole leaked intelligence to criminal

Security fears after top official gave information to his criminal brother

THE security of everyone’s personal and financial details is in serious doubt after a civil servant mole leaked highly sensitive information to his criminal brother.

The Irish Independent can reveal the brother used the key information, which is held by the Government, to burgle one man and attempt to extort money from three businessmen.

The mole worked in the Data Protection Section of the Department of Family and Social Affairs and broke the Official Secrets Act by passing on the details.

He later admitted to officials that it is common practice amongst civil servants to check up on the financial status of friends, family and acquaintances.

The married father passed on information including PPS numbers and the earnings of the men targeted by his criminal brother. Other records accessed out of “curiosity” were those of a politician, pop star and a “notorious criminal”.

The department was unaware of the breach until detectives from the National Bureau of Criminal Investigation contacted officials and told them the criminal had the sensitive information in his possession, and he had received it from his civil servant sibling.

It can also be revealed that there have been a number of breaches since, with employees deliberately leaking sensitive information to third parties.

A file on the matter was sent to the DPP but the department has refused to reveal the outcome of the investigation into the leaking of sensitive and confidential information.

The former employee:

* Checked personal details of colleagues and that of former acquaintances;

* Told his bosses that it was “common practice” among department employees to be “checking people casually”;

* Claimed he looked up classified information out of “nosiness” and “curiosity”.

When the breach was discovered it was feared he maliciously tampered with other records.

The documents, which have been released under the Freedom of Information Act to the Irish Independent, also reveal that department officials were anxious about the serious breach becoming public knowledge.

Emails sent between officials assigned to gather background information on the employee and his activities state: “You need to be aware of this. The risk that this could go public is genuine.”

So serious was the breach that teams from eight different sections within the department were drafted in to carry out the internal investigation.

Documents show the illegal activity emerged in April 2003 when gardai sent a letter to the department about their investigation into “three attempts to extort monies from businessmen” in the Dublin region.

“When X was arrested he had possession of a piece of paper which contained the name, address, former address, date of birth, PRSI No and amount earned the previous year,” the garda document stated.

Gardai pointed out the accused had a brother working in the department and asked that a full audit be carried out to ascertain had he accessed confidential details of the three men.

The former employee — who was sacked as a result of his improper conduct — had access to the Central Records System (CRS) of the department.

An inter-departmental email sent after he had been interviewed read:

“A member of staff is alleged to have obtained particulars of an individual from CRS, notified these particulars to his brother who initially committed a burglary on the person in question, and later used the information in the context of extorting money from the victim.

“The brother has been arrested and charged in relation to these offences. Our staff member has also been arrested. He has not yet been charged but I am advised he has admitted to obtaining the victims’ details and providing them to his brother. Gardai expect that he will be charged.”

Scrambled

Officials also frantically scrambled to establish how much computer privilege the employee had and whether he had deliberately amended personal details. “Could he edit/amend records?” one official asked a colleague by email.

“It is not clear what he was doing in accessing these accounts — some with great frequency — so we must eliminate what possibilities exist for him to tamper. He is very bright and has previously worked in the IT sector so would be a good candidate for picking up ways to do things!!”

During an interview the accused said civil servants commonly checked personal details of people they knew.

“He instanced that it was said to him early on … that he was married, before colleagues would have learned of this through conversation etc,” a transcript of the interview read. “He maintained ‘You know we have Civil Servant access here’ was said to him at one point.”

The employee admitted illegally accessing and passing on the information and tendered his resignation. He later withdrew but was subsequently sacked. Information held by the department includes name, date of birth, PPS number and any benefits being claimed, or claimed in the past.