Almost two weeks ago four laptops were stolen from the offices of Bord Gáis in Dublin but details of the story have only emerged recently. Reports indicate that one of the four laptops was unencrypted yet it contained bank account details for 75,000 Bord Gáis Customers. It is thought that these customers had signed up as part of the Bord Gáis "The Big Switch" electricity campaign.

This story has been getting quite a bit of media attention today and deservedly so. Bord Gáis have apologised to the customers affected and indicated that they will be contacting these customers directly early next week. They have also urged any customers who signed up to Bord Gáis over the past four months to check their bank accounts to ensure they have not been the victim of fraud. According to a report by the Irish Times the Managing Director of Bord Gáis Energy, Dave Bunworth has said that while the laptop containing the account details of 75,000 customers was not encrypted it would be "very difficult to get into". I do not think this is statement will be comforting for any customers affected. Bord Gáis have issued a statement on their website that includes a Laptop Theft Q&A.

Data breaches of this kind are becoming a common occurrence. Less than one week ago 15 laptops were stolen from the HSE offices in Roscommon town and only 13 of them were encrypted. One of the unencrypted laptops was said to contain confidential information.

This leads me to some questions -

1. Will this incident have a negative effect on Bord Gáis and their "Big Switch" campaign?
I am not sure if it will, in fact I think the extra publicity will probably help their "Big Switch" campaign.

2. Does the general public really care about data breaches?
Honestly I do not think the general public care about data breaches. They are becoming such a regular occurrence now that there is the risk that people accustomed to them happening. I expect customers will still continue to sign up to Bord Gáis and their "Big Switch" campaign. It is only when people are effected by fraudlent transactions that they will start to pay attention.

It takes time and money to store information in a secure manner. As a result the secure storage of customers personal information will not be a priority for organisations. There needs to be an incentive for organsations to store their customers information in a secure manner. I believe this incentive should have two aspects:

• Positive - if customers care about data protection then it will become a priority for organisations.
• Negative - enforce financial and legal penalties for organsations who are negligent in their handing of personal information.

This leads me to my last question, one which I do not know the answer to.

Has any organisation in Ireland ever been prosecuted for breach of the Data Protection Act?

Dave

--

Related Posts:

• List of Irish email addresses made public

If you liked this article then you should subscribe to our Blog RSS feed.

This is a quick post to follow up on the recent What is gumblar? post. Its been the most popular blog post so far and is getting a steady stream of traffic from the search engines. I came across an article by the Google Security Team on their Google Online Security Blog that I thought was worth mentioning due to its relevance to the Gumblar post.

In the Blog post the Google security team provide some statistics on sites that distribute malware. They explain how they have automated systems in place to scan their index looking for potentially dangerous sites. Any sites deemed to be potentially dangerous are flagged as such in their search results.

The Blog post also includes a chart that shows the top 10 malware sites. They determined the top 10 by looking at the number of compromised web sites that referenced the malware site. The chart shows the Gumblar.cn has approximately 60,000 compromised sites. The chart has arrows to indicate when the domains were first flagged as being potentially dangerous. From looking at this start date you can see how Gumblar.cn really exploded onto the scene with the number of compromised sites growing rapidly.

You can find the complete article on the Google Online Security Blog.

Dave.

--

If you liked this article then you should subscribe to our Blog RSS feed.

What is Gumblar? and how do I remove it?