Data Protection: Stolen Laptops



osarusan
18/06/2009, 8:25 AM
Anybody who made "The Big Switch" might want to watch their bank account for a while.

http://www.irishtimes.com/newspaper/ireland/2009/0618/1224249068004.html


SOME 75,000 Bord Gáis customers have been warned to monitor their bank accounts for suspicious transactions after a laptop computer containing their account details was stolen.
.........
The laptop contains details such as account numbers, home addresses and branch details of people who had recently switched from the ESB as part of Bord Gáis’s “big switch” campaign.

passinginterest
18/06/2009, 10:02 AM
Anybody who made "The Big Switch" might want to watch their bank account for a while.

http://www.irishtimes.com/newspaper/ireland/2009/0618/1224249068004.html

Just changed over a few weeks back so wouldn't be at all surprised to hear that my details were among those lost. Will certainly be keeping a close eye on the bank account for a while.

That said it's highly unlikely that any of the local skangers will be engaging in high level identity theft. I'd say they'll spend more time worrying about installing champ manager and finding free porn.

pete
18/06/2009, 10:03 AM
Click (http://www.irishtimes.com/newspaper/breaking/2009/0618/breaking29.htm)


Managing director of Bord Gáis Energy Dave Bunworth said this morning the stolen laptop containing the account details of 75,000 customers would be “very difficult to get into” despite it not being encrypted.

“I don’t want to minimise the risk but this is not a normal laptop that you could break into that easily,” he told RTÉ radio.

This also happened to the HSE last week & we had other cases last year.

What does the Data Protection Commissioner do? Could they be closed & save the state some money?

dahamsta
18/06/2009, 10:03 AM
As I said on my website (http://verbo.se/bord-gais-muppets/):

What in f*ck’s name was that data doing on a laptop?

dahamsta
18/06/2009, 10:04 AM
This also happened to the HSE last week
Despite assurances that everything would be encrypted.


What does the Data Protection Commissioner do?
While I wouldn't advise people not to complain to the DPC, the current Commissioner is a useless lump.

brianw82
18/06/2009, 10:57 AM
These companies are obliged to encrypt their data. I work for a Financial Services company and encryption of laptops is standard. In any case, that information should be on a server somewhere, not a laptop. Shocking that this can happen in 2009.

Macy
18/06/2009, 11:36 AM
In any case, that information should be on a server somewhere, not a laptop. Shocking that this can happen in 2009.
Whilst I would agree about the need to encrypt, and Bord Gáis really has no excuse, I'm sure part of the problem of data being stored on laptops is the totally crap broadband coverage we have. If someone works out of the office and/or at home, then is accessing data remotely on servers practical? Not in a lot of areas...

pete
18/06/2009, 11:54 AM
Laptops were stolen from the offices which would suggest the employees don't use them at home very often.

Are they using Excel or similar as a database? Seems crazy to have what appear to be fairly large databases saved locally on laptops.

Is Data Protection Commissioner trying to outdo the Financial Regulator for lack of oversight?

The Ref
18/06/2009, 12:38 PM
Just look at how long it took to publish the fact that it had been stolen, 12 days, not a quick announcement by any means.

As in the UK, Bord Gais thought it was a good day to bury bad news with the HSE losing their laptops.

I agree with what Dahamsta said on his website, Bord Gais Muppets

Macy
18/06/2009, 12:53 PM
Laptops were stolen from the offices which would suggest the employees don't use them at home very often.
Would've thought that was common enough, especially over the weekend - makes the company responsible for the security rather than the employee. I wouldn't be using that to judge whether they use them away from the office - if they didn't even the HSE would save money by buying desktops (Laptops have to be justified in the public sector as, rightly or wrongly, they're seen as a luxury).

centre mid
18/06/2009, 12:53 PM
Just look at how long it took to publish the fact that it had been stolen, 12 days, not a quick announcement by any means.



It was on Gardai advice that they delayed the announcement; if it made the news the day it happened it would have made the laptop far more valuable. The hope is that some toerag wiped the memory and sold it for €100 instead of for €1000's to a professional gang.

anto1208
18/06/2009, 6:09 PM
I know if my name, address, bank account number and sort code went "missing" then I would be closing that account asap. It is still fairly hard for them to get money from your account but who wants to take that risk.

If it was only used to sign up to some dodgy credit agreement it could still ruin your credit rating; if you go looking for a mortgage or loan you may run into problems.

Dodge
18/06/2009, 6:23 PM
Laptops were stolen from the offices which would suggest the employees don't use them at home very often.


Pretty much all employees who work from home have in-office days too.

The likelihood is that the lads looking to offload the laptops have already wiped them as they'll be easier to shift.

dahamsta
19/06/2009, 11:05 AM
If I was a thief that read the news, there's no way I'd wipe a lappie before checking what was on it first, the data is far more valuable to carders than the hardware itself. Course, then I'd have to be a thief that read the news...

Dodge
19/06/2009, 11:08 AM
And wait 12 days before trying to offload them

anto1208
19/06/2009, 1:22 PM
My new laptop has a little fingerprint thing to unlock it. Great idea; unless a robber takes a finger too, the laptop is useless to anyone else.

OneRedArmy
19/06/2009, 1:26 PM
Stolen laptops are somewhat of a baseless obsession in the media over the last 18 months. In none of the recent cases has any attempt been made to misuse the data.

There are 1,001 other weak points that are more likely to result in fraud.

I'd hazard a guess not all of those up in arms about the laptops shred their post, or cover the keypad of the chip and pin machines in shops and restaurants.

I'm not arguing it's irrelevant or that it's acceptable, but it certainly is receiving undue attention at the expense of other more important data protection advice.

pete
19/06/2009, 2:26 PM
My new laptop has a little fingerprint thing to unlock it. Great idea; unless a robber takes a finger too, the laptop is useless to anyone else.

I have that too but I don't think it's that much safer than typing in a password.

John83
19/06/2009, 3:31 PM
Stolen laptops are somewhat of a baseless obsession in the media over the last 18 months. In none of the recent cases has any attempt been made to misuse the data.

There are 1,001 other weak points that are more likely to result in fraud.

I'd hazard a guess not all of those up in arms about the laptops shred their post, or cover the keypad of the chip and pin machines in shops and restaurants.

I have an expectation that my bank, utilities suppliers and other companies with which I do business will do a better job of protecting me than this. Baseless? It's fairly trivial to break into most laptops if you know what you're doing - I've seen it done. There are then, in these cases, tens of thousands of people's data open to abuse. If you don't shred your bank statement and someone roots through your rubbish, one person's data is open to abuse - yours. I think there's a fairly substantial difference.


I'm not arguing it's irrelevant or that it's acceptable, but it certainly is receiving undue attention at the expense of other more important data protection advice.
It's baseless, but not irrelevant?

The fact is, there have been a bunch of cases like this now, and still the ****wits in an Bord Gáis failed to learn. Whoever is responsible for the fact that that laptop had unencrypted data - at a strategic level and in terms of actually implementing it - should be fired for exposing the company to significant risk of adverse financial and PR outcomes.

dahamsta
19/06/2009, 4:26 PM
I have that too but I don't think it's that much safer than typing in a password.
Depends on the implementation, but most of the time it's done post-BIOS on unencrypted drives, which is simply a convenience. Real security can only be done pre-BIOS and/or on an encrypted drive.

OneRedArmy
20/06/2009, 12:24 AM
I have an expectation that my bank, utilities suppliers and other companies with which I do business will do a better job of protecting me than this. Baseless? It's fairly trivial to break into most laptops if you know what you're doing - I've seen it done. There are then, in these cases, tens of thousands of people's data open to abuse. If you don't shred your bank statement and someone roots through your rubbish, one person's data is open to abuse - yours. I think there's a fairly substantial difference.


It's baseless, but not irrelevant?

The fact is, there have been a bunch of cases like this now, and still the ****wits in an Bord Gáis failed to learn. Whoever is responsible for the fact that that laptop had unencrypted data - at a strategic level and in terms of actually implementing it - should be fired for exposing the company to significant risk of adverse financial and PR outcomes.
Until an actual fraud is perpetrated it's baseless.

My point stands. There are 1,001 more ways you're likely to be defrauded.

By all means sack the person whose laptop was unencrypted, but seriously?

Do you know what info was on the laptop?

John83
21/06/2009, 2:33 PM
Until an actual fraud is perpetrated it's baseless.
Ha!


Do you know what info was on the laptop?
Names and bank account numbers. I think there was a third significant field too. Not that anyone can do anything (http://news.bbc.co.uk/2/hi/entertainment/7174760.stm) with that information, of course.

pete
21/06/2009, 7:48 PM
There is a simple solution to this. Either get the Data Protection Commissioner to use his powers or if not strong enough give him more powers.

Let's start with an E10 fine for every case of lost or stolen data. 1,000 account details stolen means E10,000 fine & so on. For every week the theft remains unreported to the Commissioner then double the fine.

Ringo
23/06/2009, 6:40 AM
Got a letter yesterday from Bord Gais to say my details were stolen :mad:. It shouldn't happen in this day & age. Letter basically says sorry, but it's your problem.

passinginterest
23/06/2009, 9:53 AM
Got a letter yesterday from Bord Gais to say my details were stolen :mad:. It shouldn't happen in this day & age. Letter basically says sorry, but it's your problem.

Got the letter yesterday. If anyone's data does get used in a fraud case could all the people affected bring some sort of group action against Bord Gais for their reckless treatment of highly sensitive data?

Just curious, I can't see the data being used in that way, and I don't think I'd be interested in getting involved in a massive lawsuit, but I'm curious as to whether or not it would be possible.

pete
23/06/2009, 10:09 AM
Got the letter yesterday. If anyone's data does get used in a fraud case could all the people affected bring some sort of group action against Bord Gais for their reckless treatment of highly sensitive data?

I believe it was mentioned as part of the previous news stories but I believe BGE are liable for any money you lose as a result of their actions. I am sure it would have to prove cause & effect but they cannot deny they "lost" the info as they have already admitted that.

OneRedArmy
23/06/2009, 11:26 AM
Got the letter yesterday. If anyone's data does get used in a fraud case could all the people affected bring some sort of group action against Bord Gais for their reckless treatment of highly sensitive data?

Just curious, I can't see the data being used in that way, and I don't think I'd be interested in getting involved in a massive lawsuit, but I'm curious as to whether or not it would be possible.
Yes, you would have a case against BG.

In any case the DPC will likely take action.

dahamsta
23/06/2009, 1:50 PM
In any case the DPC will likely take action.
Not this Commissioner. They'll get no more than a slap on the wrist from Billy Hawkes.

pete
23/06/2009, 2:07 PM
Not this Commissioner. They'll get no more than a slap on the wrist from Billy Hawkes.

The Commissioner is more like an Ombudsman, as if you look at the web site they just investigate complaints & just tell offenders not to do it again. Even the HSE incident from last year is not listed on the site from what I can see...

Ash
23/06/2009, 3:05 PM
Got the letter yesterday too.