Three laptops stolen from Eircom’s offices in west Dublin and an employee’s home could contain financial information relating to 6,845 eMobile and Meteor customers, along with 686 employees. Eircom has reported the breach to the Data Protection Commissioner.
As a precaution, the Irish Banking Federation has also been notified because the laptops are understood to have contained bank account, laser or credit card details.
The operator said the breach is a result of the theft of three laptops, two laptops from Eircom’s offices at Park West, Dublin, and a third laptop stolen from an employee’s home.
The incidents were immediately reported to the gardai and two separate investigations are ongoing. There is no evidence at this time that the data at risk has been used by a third party.
"Eircom treats privacy and protection of all data extremely seriously and we have taken the following pro-active measures to address the situation," Eircom said.
Eircom said that more than 20 customer care agents and account managers have initiated a contact programme to telephone all 550 customers whose financial data may be at risk.
"The agents will notify the customers of the risk and inform them of the specific data involved. They will also answer any questions or concerns they may have. In addition, all impacted customers will be notified by letter.
"As a precautionary step, we have contacted the Irish Banking Federation, who has notified their members of the potential risk to data for affected eMobile and Meteor customers," Eircom said.
Meteor customers who believe they may have been affected can contact the company at 1800 444 085 or go to its website.
eMobile business customers can contact the company directly on 1800 428278 or can visit its website.
Impacted staff have also been notified of the incident. A review of the group’s encryption policy is under way, to ensure all computers and laptops are compliant with the group’s encryption policy.
Internal investigation into theft from Eircom offices at Park West
Eircom said that during the internal investigation, it emerged that the two laptops contained personal data for some current and former eMobile and Meteor customers.
"Specifically, there is a potential data risk for 6,441 current and previous eMobile business customers, dating from August 2010 until December 2011. The data at risk for the vast majority of customers is personal data, including names, addresses and telephone numbers. There is a small group of approximately 146 customers where financial data, including bank account details, may be at risk.
"Separately, there is also a risk to data held within 404 Meteor customers. The data specifically concerns post-pay customers who applied online between January and July 2011.
"The personal data at risk includes details such as an applicant’s name, address and telephone numbers, as well as a range of documentation used to support a customer application, such as passport and driver’s licence details, various photo IDs or utility bills, which all may have been used to establish proof of identity. In some cases, financial data, such as bank account, laser or credit card details, is also at risk," Eircom said.
The laptop stolen from an employee’s home has yet to be recovered. An internal investigation has verified that the names and addresses of 686 Meteor employees are at risk.