Another data security breach reported at Bank of Ireland

4 Nov 2008

Ireland’s biggest bank has again been rocked by a data breach scandal – this time a data storage device with almost 900 customer account details has gone missing.

It emerged this morning that a USB key with 894 customer account numbers, names and addresses has been mislaid.

It is understood that no financial information on the customers was contained on the lost device.

The bank said it has no reason to believe the device has fallen into the wrong hands, but is mounting an investigation as well as taking steps to protect its customers’ interests.

It is believed the bulk of the data lost related to general bank business, but included in it were the account details of business and personal clients, as well as the first line of their addresses.

The Data Protection Commissioner is also launching an investigation.

The retention of unencrypted data on electronic devices is prohibited under the bank’s policies and procedures.

2008 has been a very revealing year in terms of how well-known Irish organisations and brands have lost electronic devices containing sensitive citizen information.

In the case of Bank of Ireland Life, a number of laptops went missing in the past year with details of some 31,000 life assurance account holders, and these weren’t protected by encryption technology.

In recent months, it emerged that a laptop, disc and BlackBerry was stolen from the home of a Health Service Executive worker. The information contained details such as names, addresses, dates of birth, contact phone numbers, GP names and occupational data.

It also emerged that as many as 390,000 details of social welfare recipients were contained on a laptop stolen at a bus stop from an executive with the Comptroller & Auditor General’s Office.

And earlier this year, a laptop belonging to the Irish Blood Transfusion Service containing details of some 175,000 blood donors was stolen in New York.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years