Online Payments Blog

Industry News and discussions relating to Online Payments and Application Security.

Jun 18
2009

Stolen laptop contains account details for 75,000 Bord Gáis customers

Posted by: Dave

Tagged in: security , ireland , data protection

Almost two weeks ago four laptops were stolen from the offices of Bord Gáis in Dublin but details of the story have only emerged recently. Reports indicate that one of the four laptops was unencrypted yet it contained bank account details for 75,000 Bord Gáis Customers. It is thought that these customers had signed up as part of the Bord Gáis "The Big Switch" electricity campaign.


This story has been getting quite a bit of media attention today, and deservedly so. Bord Gáis have apologised to the customers affected and indicated that they will be contacting these customers directly early next week. They have also urged any customers who signed up to Bord Gáis over the past four months to check their bank accounts to ensure they have not been the victim of fraud. According to a report by the Irish Times, the Managing Director of Bord Gáis Energy, Dave Bunworth, has said that while the laptop containing the account details of 75,000 customers was not encrypted, it would be "very difficult to get into". I do not think this statement will be comforting for any customers affected. Bord Gáis have issued a statement on their website that includes a Laptop Theft Q&A.

 

Data breaches of this kind are becoming a common occurrence. Less than one week ago 15 laptops were stolen from the HSE offices in Roscommon town and only 13 of them were encrypted. One of the unencrypted laptops was said to contain confidential information.

This leads me to some questions -

1. Will this incident have a negative effect on Bord Gáis and their "Big Switch" campaign?
I am not sure if it will, in fact I think the extra publicity will probably help their "Big Switch" campaign.

2. Does the general public really care about data breaches?
Honestly, I do not think the general public care about data breaches. They are becoming such a regular occurrence now that there is the risk that people become accustomed to them happening. I expect customers will still continue to sign up to Bord Gáis and their "Big Switch" campaign. It is only when people are affected by fraudulent transactions that they will start to pay attention.

It takes time and money to store information in a secure manner. As a result, the secure storage of customers' personal information will not be a priority for organisations. There needs to be an incentive for organisations to store their customers' information in a secure manner. I believe this incentive should have two aspects:

  • Positive - if customers care about data protection then it will become a priority for organisations.
  • Negative - enforce financial and legal penalties for organisations who are negligent in their handling of personal information.


This leads me to my last question, one which I do not know the answer to.

Has any organisation in Ireland ever been prosecuted for breach of the Data Protection Act?

 

Dave


Comments (2)
Good Question!
written by John Flanagan , June 18, 2009

Great post Dave. And I'd like to know the answer to your final question as well.

Votes: +1

the real fraud threat
written by John Clarke , June 19, 2009

Dave,

I think it's unlikely that these thefts were planned with the aim of getting customer information to perpetrate a fraud - much more likely to be opportunistic robberies, with the aim of reselling the laptops.

It's an interesting point that the general public have grown used to these stories - there must be one a week. But as there has never been a subsequent fraud incident, I think the public have grown complacent to them. So good for the media to shout about, but not where the real danger is.

There are criminal organisations out there trying to get your details to commit fraud, but they are not doing it through pinching laptops in Roscommon. It's all done at arm's length, either via the internet, or by social engineering via phone calls.

Regards
John


Votes: +5

