The Office of the Data Protection Authority has released personal data breach statistics for Q4 of 2025.
It said that it saw a similar number of self-reported personal data breaches compared to the previous quarter, though there was a ‘welcome decrease’ in their average severity.
In most cases an organisation became aware of the breach through their own employees, rather than from the data subject affected or another party, suggesting improved awareness from those handling personal data, it said.
The inverse was the case in the previous quarter.
‘This is cause for encouragement, as by detecting breaches internally, the ensuing harm can often be reduced and the matter resolved more quickly,’ said a spokesman for the ODPA.
Of the 61 reported breaches in Q4, only 12 were classified as high-risk, compared to 20 in the prior quarter. Emails sent to incorrect recipients continued to be the most common type of breach reported, with several breaches in the past few months caused by people using personal email accounts to send or receive work-related information.
‘This is a problem for several reasons,’ said the spokesman.
‘Firstly, personal email providers are outside the control of the organisation meaning usual security policies do not apply and the organisation does not know what its data is being used for.
‘Furthermore, access is likely to be less tightly controlled, as accounts can be shared by couples or devices given to children, which means information could easily fall into the wrong hands.
‘Finally, using personal messaging to conduct your work can blur where the boundaries of your personal life and your job are, in a way that harms professionalism and confidentiality.’
Most potential harms raised related to a loss of confidentiality or control of personal data but there were also a significant number of cases of personal distress or reputation flagged up to the ODPA.
The number of incidents reported has been steadily rising in the past few months.
A year ago there were only 33 infractions reported to the ODPA for October, November and December 2024.
You need to be logged in to comment. If you had an account on our previous site, you can migrate your old account and comment profile to this site by visiting this page and entering the email address for your old account. We'll then send you an email with a link to follow to complete the process.