Permanent TSB – €277,500 Fine (Ireland, 2026)

€277,500Data Protection Commission8 May 2026Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Permanent TSB was fined for three data breaches that exposed customer information to fraud risks. Malicious actors were able to change account details over the phone, leading to financial losses for some customers. This case highlights the importance of following security protocols.

What happened

Permanent TSB experienced multiple data breaches due to unauthorized changes made to customer accounts.

Who was affected

Customers whose accounts were compromised and faced increased risks of fraud.

What the authority found

The Irish Data Protection Commission ruled that Permanent TSB did not follow its own security protocols, leading to the breaches.

Why this matters

This ruling serves as a reminder for businesses to strictly adhere to their security measures. Companies must ensure that all employees are trained to follow protocols to protect customer data.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
Art. 32(1) GDPR
Art. 33(1) GDPR
View original scraped data
Art. 5(1) f) GDPR
Art. 32(1) GDPR
Art. 33(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 19 May 2026
amount discrepancy
Ireland enforcementData Protection Commission actionsAll Permanent TSB actions
Full Legal Summary
Detailed

The Irish DPA has imposed a fine of EUR 277,500 on Permanent TSB. The controller suffered three data breaches resulting from malicious actors in possession of certain customer information who called the controller's telephone service to change account information. This resulted in the data subjects being exposed to an increased risk of fraud and forced to close their accounts. In some cases, the attacks resulted in financial loss for the data subjects. The breaches occurred because, even though the controller had appropriate security protocols in place, those protocols were not followed.

Related Enforcement Actions (0)

No other enforcement actions found for Permanent TSB in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

8 May 2026

Authority

Data Protection Commission

Fine Amount

€277,500

Enforcement Tracker ID

ETid-3146

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Permanent TSB - Ireland (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: