The Irish Department of Defence recorded 31 data breaches in 2025, two of which were reported to the Data Protection Commission.
The exact nature of the breaches is not clear, as the figures came from a response to a parliamentary question by Fianna Fáil TD Cathal Crowe, and the Department did not specify the severity or cause of these breaches.
Deputy Crowe aalso asked about breaches at the Department of Foreign Affairs and Trade. The relevant Minister, Helen McEntee, who was appointed late last year, replied that her Department had reported 123 data breaches in 2025 for which “this Department bore principle responsibility” to the Office of the Data Protection Commission (DPC).
She explained that, in addition to these breaches, there were also a number of “postal carrier breaches”, such as sending official documents to the wrong address.
“In addition to these data breaches, and in accordance with advice sought and received from the Office of the DPC, my Department further notifies that Office of cases of what are described as postal carrier breaches, that is the loss or mis-delivery of documentation in the postal system,” McEntee explained.
“This includes consignments that have been correctly addressed and dispatched by my Department to the intended recipient, often resident abroad, but subsequently lost or mis-delivered by a postal provider.”
She further added that where a passport is sent to the wrong address or lost in the postal system, the Department “takes responsibility for cancelling the lost or compromised passport and reissues a new passport as standard practice.”
“Similarly, the Passport Service provides assistance to individuals whose supporting documents are lost when being returned to an applicant through the postal system,” she said.
“My Department regularly engages with the postal provider to highlight the issue and monitors global postal issues arising which may impact the dispatch and safe receipt of documents issued or returned by the Department.”
Notably, there were no data breaches recorded by the Department of the Taoiseach in 2025.
Gript previously revealed that over the ten-year period from 2014 to 2024, Irish Government Departments were affected by nearly 6,900 data breaches. More than half of those incidents – 3,637 in total – occurred within the Department of Social Protection alone.
Most of these breaches were never formally notified to the Data Protection Commission, on the grounds that they were assessed as posing minimal risk.
The figures show that many of the incidents stemmed from simple internal errors, including correspondence being misdirected and electronic communications being sent to the wrong recipient, rather than from deliberate wrongdoing such as hacking or theft.