PSNI investigate GAA members' breach

[county derry post]

PSNI are investigating after it emerged that the data of 501,786 GAA members may have been breached following "unauthorised access to the GAA's membership database." Servasport Ltd, which manages the GAA's database, issues an unreserved apology to the GAA and its members.
The database contains names and addresses of 501,786 members.
In relation to these members the database holds:
288,511 dates of birth
107,212 mobile numbers
63,695 landline numbers
30,171 email addresses
In the case of 544 members, the database contains a reference to a medical condition and the GAA is writing directly to each of these members setting out the information recorded about them.

[Man Marker]

You want te get one of those guys to hack into this data base to find out who is the poster' called 'Dreams' 

[bottlethrower7]

just got this from my club

A Chara,

We are writing to advise you that Servasport Ltd., has informed the GAA that there has been unauthorised access to the GAA membership database.
Servasport  Ltd., a Belfast based company that develops and maintains the GAA membership database, has issued an unreserved apology to the GAA and to our members.



The GAA became aware of the data breach when it was informed on the 19th November 2010 that disks containing the database had been received by the Office of the Data Protection Commissioner and the GPA, who immediately passed the disk to the GAA. The Information Commissioners Office in Belfast also received a disk.



An investigation is being carried out by the Police Service of Northern Ireland and in order to facilitate this investigation the GAA has been unable to inform members until today.
The database contains names and addresses of 501,786 members.

In relation to these members the database holds:



·         288,511 dates of birth

·         107,212 mobile numbers

·         63,695 landline numbers

·         30,171 email addresses

In the case of 544 members, the database contains a reference to a medical condition and the GAA is writing directly to each of these members setting out the information recorded about them.

167,157 of the members on the database are under 18 years of age. It is GAA policy that mobile phone or email details of persons under 18 years of age should not be stored on any database. The policy states that any such communication should be via the mobile phone or email address of their parent or guardian.No other GAA IT system is affected by this incident. The database does not contain financial or any other information.

This matter is being taken very seriously by the GAA:

·         The GAA is working closely with the Office of the Data Protection Commissioner, the Information Commissioners Office and the Police Service of Northern Ireland

·         Deloitte has been engaged to undertake an independent review of Servasport  and other suppliers of IT to the GAA

·         All clubs have been sent this email

·         The GAA has set up an Information Line

Any member or any parent/guardian with any questions, or who wishes to establish whether data relating to them has been affected by this incident, should contact the Information Line on Lo Call Number : 1890 987 807 or 0800 0114787 (from Six Counties) 8am to 8pm daily. 



The compilation of the GAA database is the result of enormous effort by our volunteers across the country. The GAA greatly regrets that this incident has occurred. We would ask for your help by informing your members of the contents of this email.
Páraic Ó Dufaigh

Ard Stiúrthóir-
GAA Communications Department
Guthán 1 / Tel 1: +353 (0) 1 836 3222
Faics / Fax: +353 (0) 1 836 8420
http://www.gaa.ie

GAA, Páirc an Chrócaigh, Baile Átha Cliath 3  /  GAA, Croke Park, Dublin 3

[Zapatista]

So what happened? Did someone just take the info and send it to the data protection agency and the gpa?

[Hereiam]

And sent copies to the following

. UVF
. UDA
. Orange Order
. SAS
. F.A.I.R

[crossdoesitbest]

And sent copies to the following

. UVF
. UDA
. Orange Order
. SAS
. F.A.I.R

And now they're handing it over to the PSNI just in case they missed anyone on the list!!!   

[dublinfella]

So what happened? Did someone just take the info and send it to the data protection agency and the gpa?

That seems to be the long and the short of it. Most peculiar

Why do the GAA hold medical information on 544 of its merchandising customers? 

[brokencrossbar1]

So what happened? Did someone just take the info and send it to the data protection agency and the gpa?

That seems to be the long and the short of it. Most peculiar

Why do the GAA hold medical information on 544 of its merchandising customers? 

I don't know, why don't you write an e-mail to Pauric Duffy if you're so concerned?

[ziggysego]

Is this every paid up member to the GAA in Ulster?

[dublinfella]

So what happened? Did someone just take the info and send it to the data protection agency and the gpa?

That seems to be the long and the short of it. Most peculiar

Why do the GAA hold medical information on 544 of its merchandising customers? 

I don't know, why don't you write an e-mail to Pauric Duffy if you're so concerned?

Don't be a tosser. Its a valid question, and the line that they are writing to all  544 telling them that what information was on file implies they might not have known.

[dublinfella]

Why do the GAA hold medical information on 544 of its merchandising customers?

Im sure it is youth with medical conditions. The only field that I can see that would hold such information would be the 'Other Info' field though - I have never saw a specific one entitled 'medical conditions'.

Asthma and the like?

While I understand clubs having that info to hand, not sure should the association have retained that info centrally

[orangeman]

Panic is over.


They've got him ( or so it seems ) :

Stolen GAA database - man arrested
Details of hundreds of thousands of GAA players were stolen A man has been arrested after a list containing personal details of more than 500,000 GAA members was stolen.

It was taken from Servasport, a Belfast-based company that develops and maintains the database.

It is understood that a major line of enquiry is that a disgruntled former employee copied the information.

It was subsequently posted to the Gaelic Players' Association, the Data Protection Commissioner and the Information Commissioner.

In total, the list contained the names and addresses of 501,786 members.

The GAA (Gaelic Athletic Association) said that due to an ongoing investigation by the PSNI, it had been unable to inform its members until today.

It is understood the man arrested has been released on bail.

As well as the names and addresses, the database holds:

288,511 dates of birth
107,212 mobile numbers
63,695 landline numbers
30,171 email addresses
In 544 individual cases, the database referred to a medical condition.

The GAA said it would write directly to each of these members setting out the information about them.

Over 167,000 of the members on the database are under 18.

An association spokeswoman added that no other GAA IT system had been affected by the incident and stressed that the database did not contain any financial information.

She said that a business consultancy firm had been asked to undertake an independent review of Servasport.

"This matter is being taken very seriously," the spokeswoman added.

[brokencrossbar1]

So what happened? Did someone just take the info and send it to the data protection agency and the gpa?

That seems to be the long and the short of it. Most peculiar

Why do the GAA hold medical information on 544 of its merchandising customers? 

I don't know, why don't you write an e-mail to Pauric Duffy if you're so concerned?

Don't be a t**ser. Its a valid question, and the line that they are writing to all  544 telling them that what information was on file implies they might not have known.

Perhaps it's for insurance purposes, perhaps its for information relating to the needs for the disabled, perhaps it relates to memebrs who are also paid employees of the Association?  The reason I was short with you is due to your normal GAA bashing attitude.  I doubt if there is any nefarious rationale behind the information provided and I would also doubt that there is any obligation to provide it.

[Rossfan]

Panic is over.


They've got him ( or so it seems ) :

that a major line of enquiry is that a disgruntled former employee copied the information[/size][/b].

Soccerfella can relax ... it wasnt a bigoted anti soccer plot after all

[dublinfella]

Perhaps it's for insurance purposes, perhaps its for information relating to the needs for the disabled, perhaps it relates to memebrs who are also paid employees of the Association?  The reason I was short with you is due to your normal GAA bashing attitude.  I doubt if there is any nefarious rationale behind the information provided and I would also doubt that there is any obligation to provide it.

There are over 500,000 peoples details on the leakedfile. There are not 500,000 members of the Ulster GAA. So my point, articulated badly, is that this stinks of the GAA not having a proper data protection policy and they got stung. If they were holding former members medical details on file, there is a problem