Telecoms firm Eir says a data breach affects thousands of customers.
Eir, one of Ireland’s largest telecoms firms, says an unencrypted laptop was stolen “offsite” on Sunday 12 August.
According to the company statement, the computer contained personal details including names, email addresses and customer account numbers. No financial details were present on the machine.
Eir notified the DPC
The firms said it immediately informed the Office of the Data Protection Commissioner, Helen Dixon, as well as the Gardaí.
Customers are being notified today and the company stressed there is no evidence that the data at risk has been used by a third party.
Eir said its usual policy is that all company laptops should be password-protected and encrypted. It added that the stolen laptop in question was decrypted by a faulty security update the previous Friday.
Laptop bugs resolved
A number of company laptops were affected by the same update bug, which Eir says has now been resolved. It said: “We are reviewing our IT and data protection systems and policies to ensure a situation like this cannot happen again.”
Both consumer and small business customers have been affected by the breach. Eir said that its data protection rules are “very rigorous” and it advised customers to add another security question to their accounts if they feel concerned about their information.
Under the remit of GDPR, firms can face astronomical fines for the loss or misuse of customer data. It is worth noting that early notification to the relevant data protection authorities and those affected by a breach is seen as good practice.
In general, consumers should take advantage of all options to make their user accounts more secure, whether that is adding security questions or changing passwords on a regular basis.