Ireland
Permanent TSB
277,500 €
GDPR enforcement action by Data Protection Authority of Ireland on 2026-05-08.
Rank · Sector
#54
of 322 in Finance, Insurance and Consulting
Rank · Ireland
#18
of 36
Rank · All fines
#312
of 3,050
Case details
- Authority
- Data Protection Authority of Ireland
- Date
- 2026-05-08
- Controller / Processor
- Permanent TSB
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 5 (1) f) GDPR, Art. 32 (1) GDPR, Art. 33 (1) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Irish DPA has imposed a fine of EUR 277,500 on Permanent TSB. The controller suffered three data breaches resulting from malicious actors in possession of certain customer information who called the controller's telephone service to change account information. This resulted in the data subjects being exposed to an increased risk of fraud and forced to close their accounts. In some cases, the attacks resulted in financial loss for the data subjects. The breaches occurred because, even though the controller had appropriate security protocols in place, those protocols were not followed.
Open original source
Links to the regulator's original publication or another source.
Related fines
Ireland
2023-05-12
1,200,000,000 €
ETid-1844
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2025-05-02
530,000,000 €
ETid-2584
TikTok Technology Limited
Media, Telecoms and Broadcasting
Ireland
2022-09-05
405,000,000 €
ETid-1373
Meta Platforms, Inc.
Media, Telecoms and Broadcasting
Ireland
2023-01-04
390,000,000 €
ETid-1543
Meta Platforms Ireland Limited
Media, Telecoms and Broadcasting
Ireland
2023-09-01
345,000,000 €
ETid-2032
TikTok Limited
Media, Telecoms and Broadcasting
Ireland
2024-10-24
310,000,000 €
ETid-2469
LinkedIn
Media, Telecoms and Broadcasting