The Department of Justice has recorded more than 480 data breaches over the past three years including the loss of sensitive papers, encrypted devices, and unauthorised access to social media.
The breaches occurred across the department including key areas like international protection, the response to the Ukraine refugee crisis, and in citizenship applications.
A log showed 482 separate cases which included the loss or theft of 23 devices and two cases of the accidental or deliberate loss or destruction of data.
The largest number of cases – almost 400 – related to the unauthorised disclosure of personal information through letters or emails.
This included one case where “photographic material” was shown to a person who should not have seen it and two cases involving social media access or disclosure.
There were more than 50 cases of papers being lost or stolen, which included files from the immigration, citizenship and repatriation units.
Of 15 devices that were stolen or went missing, this included phones or laptops from the Probation Service, the Minister of State’s Office, and the immigration section.
An encrypted hard disc was also lost from the criminal justice section of the Department of Justice, FOI records showed.
A further eight encrypted devices disappeared or were robbed including one from the Security and Northern Ireland section of the department.
The two cases of accidental or deliberate loss or destruction of documents both took place in the Civil, Immigration Service Delivery, and EU Treaty Rights section.
Of the 482 cases reported between 2022 and 2024, 434 of the investigations have already been closed while one case was later found not to be a breach.
Four cases were notified to the Data Protection Commission (DPC) and the Department of Justice has taken all recommended measures.
Five other cases are still with the DPC, and the department said it was awaiting a decision on what steps they needed to take.
Asked about the breaches, a spokesman said they had a large organisation that dealt with tens of thousands of customers every year.
He said: “While data breaches can occur when dealing with a customer base of this size, there are typically fewer than 150 such breaches in any year in the department.
“Since 2022, 96 per cent of breaches have been in the ‘low’ or ‘medium risk’ categories, with 20 (four per cent) ‘high risk’ breaches.”
The spokesman said that 140 of the breaches had been notified to the Data Protection Commission based on a risk assessment by the department.
