The Health Service Executive has said it “misconfigured” a database containing the vaccination information of more than one million people.
The issue was uncovered by security researcher Aaron Costello in 2021 who alerted the HSE about the problem.
According to Mr Costello, a technology system used by the HSE was misconfigured to allow access to the data to more people than it should have.
Mr Costello, who is a Dublin-based security researcher at cybersecurity company AppOmni, said the database contained private information on over a million Irish citizens including full names, vaccination status and vaccine type received.
The HSE said it fixed the misconfiguration on the day it was alerted to it.
“In this case an external source pointed out one misconfiguration which would have required deep technical expertise to exploit,” a spokesperson said.
“Apart from the source who informed us of this issue, there was no unauthorised accessing or viewing of this data.”
“If someone accessed data, we would be able to see this in the detailed logs which we analysed,” the HSE said.
The spokesperson added that the data accessed was insufficient to identify any person without additional data fields being exposed and, in these circumstances, it was determined that a Personal Data Breach report to the Data Protection Commission was not required.
