The Revenue Commissioners has suffered more than 370 data breaches over the past 18 months.
Among the breaches were tax files being sent to ex-spouses, a former employee who had not returned encrypted devices and files, and dozens of cases of information being sent to the wrong address.
The Revenue said that there had been 256 data breaches throughout last year with a further 119 in the period from January to June 2023.
A database, released under the Freedom of Information Act, shows the most common types of incident were staff data getting sent to the wrong recipient within Revenue, or taxpayer data getting disclosed to third parties.
There were many breaches due to mix-ups between family members, or where partners had split up.
In one case, two brothers each received the other’s tax information after an incorrect tax reference number had been provided to one of their employers.
There were two cases where Revenue correspondence was sent to the address of an ex-spouse, both where the person involved had not yet provided a change of address.
In another case, Revenue staff data was viewable by other colleagues due to what was described as an “error by [a] third party”.
One case saw taxpayer data disclosed to a former member of staff by accident while a large number of breaches were reported where data was sent to the wrong firm of accountants or tax agents.
One entry in the database detailed the disclosure of a taxpayer’s data to a government department in error while another case saw a taxpayer’s details made available to an ex-spouse due to a Revenue mistake.
There was also a case where two taxpayers each had access to one another’s information due to a mix-up by an employer, according to the records.
Encrypted devices
Among the most serious breaches logged by Revenue was a case involving the “failure by [an] ex-staff member to return encrypted devices and files”.
A spokeswoman said that the Revenue Commissioners held and processed a huge amount of data as part of its core work.
She said: “A relatively small number of data breaches, mainly caused by human error, occur from time to time.
“The risk of human error cannot by its nature be totally eliminated, but Revenue strives to minimise and manage such risk.”
She added that where a data breach was likely to result in a risk to the rights and freedoms of the individual involved, the Data Protection Commission was notified.
