Dublin: 2°C Wednesday 1 December 2021

Man arrested as GAA admit members' data compromised

Discs containing sensitive personal details were breached, Croke Park admits.

Image: Anthony Devlin/PA Archive/Press Association Images

THE GAELIC ATHLETIC Association says that the personal details of over 500,000 of its members have been compromised.

A database containing the details, which included references to the medical condition of some members, has been ‘breached’.

A man was arrested earlier as part of the investigation, according to the BBC.

The Office of the Data Protection Commissioner says it is investigating the incident, of which the GAA learned on November 19th.

Disks containing the database had been received by the Office of the Data Protection Commissioner and the GPA as well as the Information Commissioners Office in Belfast.
The database contains the names and addresses of 501,786 members.

In the case of 544 members, the database contains reference to a medical condition. Croke Park says it was writing directly to these members.

The database also includes

  • the birthdates of 288,511 members
  • the mobile numbers of 107,212 members
  • the landline numbers of 63,695 members
  • the email addresses of 30,171 members.

The GAA says it has received an apology from Servasport, a Belfast-based company that maintains the association’s database.


Get closer to the stories that matter with exclusive analysis, insight and debate in The42 Membership.

Become a Member

A statement from the Office of the Data Protection Commissioner read:

The Office has received full co-operation from the GAA in the course of our investigation.

As the incident has a cross-border element we are liaising closely with our colleagues in the Information Commissioner’s Office in Belfast as well as the PSNI.

In the vast majority of cases the affected data is limited to name, address, date of birth, email address (where applicable) and contact phone number.

In approximately six hundred cases the affected data includes information on health conditions.

The Office of the Data Protection Commissioner wishes to assure those affected that there is no evidence as yet that the data in question will be used for an illegal purpose or could be used to perpetrate identity theft on its own.

The delay in informing members of the breach was due to an ongoing PSNI investigation, they explained.

About the author:

Read next: