Northern Ireland’s Independent Commission for Reconciliation and Information Recovery (ICRIR) has issued an apology following a “limited data breach” that resulted in the disclosure of 25 individuals’ names.
The breach occurred on Tuesday, 18 March 2025, due to an administrative error in an email address field. As a result, the names—primarily of individuals requesting investigations—were mistakenly shared with a single recipient who had previously sought assistance from ICRIR.
The issue was identified within a few hours, and the recipient confirmed they had deleted the information. No sensitive or special category data was exposed.
ICRIR has since reached out to those affected, offering a sincere apology along with further advice and support.
In a statement, the Commission emphasised its commitment to data protection, stating:
“The Commission takes very seriously its responsibilities in protecting the privacy of individuals and the security of information entrusted to us. We are very sorry for this error.”
An internal investigation is now underway, and a full report has been submitted to the Information Commissioner’s Office.
If your business needs support with data protection, please get in touch.