75,000 customers’ bank details on stolen Bord Gáis laptop

18 Jun 2009

UPDATE: Just days after 15 laptops went missing from Health Service Executive (HSE) offices in Co Roscommon, it has now emerged that details of 75,000 Bord Gáis customers were contained on one of four laptops stolen a fortnight ago from the offices of Bord Gáis.

The laptops were stolen on 5 June when thieves broke into Bord Gáis offices in Dublin.

It is understood that one of the laptops contained bank details and other information partially related to customers who took part in the Bord Gáis ‘Big Switch’ electricity campaign. That laptop was unencrypted.

The company said the Data Protection Commissioner has been informed and that a Garda investigation is underway.

Managing director Charles Bunworth said Bord Gáis did not announce the theft until now because it did not want to alarm customers.

Apologising unreservedly, he said that any customer who has been affected by the laptop theft will be contacted by the company in the coming weeks.

Meanwhile, he urged any electricity users who signed up for the Big Switch campaign to check their bank balances to make sure they haven’t been defrauded.

“It is absolutely incredulous to hear that Bord Gáis have lost over 75,000 customers’ details on an unencrypted laptop. In light of all the recent data breaches from Bank of Ireland, Irish Blood Transfusion Board and the HSE, even lay people know that laptops with personal data need to be encrypted,” said Paul C Dwyer, CEO of TeamInfoSec Ireland, a security software company.

“Apart from the qualitative damage to Bord Gáis’ reputation and the Big Switch campaign, it is also possibly leaving itself open to civil damages from each of the 75,000 customers, if it is found that the company has breached the Data Protection Act,” Dwyer added.

Despite an increasingly dangerous digital environment, a surprising number of organisations have not implemented an encryption solution, according to Espion specialists.

“A comprehensive enterprise-wide encryption strategy must consider all the ways data can be inputted to and outputted from the organisation, as well as how it is stored,” explains Colm Murphy, technical director with Espion Ltd.

Confidential information is especially at risk during transmission across untrusted networks, such as the Internet, and when stored on portable computing devices like laptops, data backups, USB flash memory drives, CD/DVDs and handheld devices.

“Given the size and complexity of some organisations, coupled with the fact that they can be continually evolving in terms of size and technological investment, it is difficult to identify a single solution that would satisfy all likely requirements,” he adds.

“A natural first step towards developing a comprehensive encryption strategy would be to perform a detailed analysis of what technologies currently exist in the organisation, how the end-user population interact with these technologies, and identify high risk users, areas and departments that would stand to benefit most from the introduction of an encryption solution,” said Murphy.

By John Kennedy

Pictured: Bord Gáis headquarters in Cork

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years