BOI Bank Details Theft

**dahamsta** · 22/04/2008, 5:08 PM

It didn't take 6 months to detect, it took 6 months to be reported to senior management, or for them to actually report it.

**pete** · 22/04/2008, 5:21 PM

Originally posted by dahamsta

It didn't take 6 months to detect, it took 6 months to be reported to senior management, or for them to actually report it.

Yes, more than likely someone was aware but did not report. I suppose I was trying to highlight inadequate process for tracking confidential details. i.e. process should have flagged that data unaccounted for.

No big wigs will see the chop but I am sure some grunts down the line have already been sacked.

**dahamsta** · 22/04/2008, 5:50 PM

It's the fact the data wasn't encrypted on the machines that I find incredible. The banks spend millions developing next-to-unusable systems like BOL and B365 to "protect our security" and then leave customers data lying around in the clear like this. It's pathetic.

adam

**anto1208** · 22/04/2008, 7:54 PM

No wonder Bertie doesnt use them

**dahamsta** · 22/04/2008, 8:17 PM

Only for JIT FX transactions.

**Dodge** · 22/04/2008, 8:24 PM

Typical civil servants, eh Pete?

**pete** · 22/04/2008, 11:34 PM

Originally posted by Dodge

Typical civil servants, eh Pete?

Only the UK ones so far

Seriously though laughable the way BOI bosses saying they have checked the bank accounts & no threat so far. Ever heard of identity theft? The Data Commissioner has no teeth (cannot enforce or penalise) & largely pointless. No obligation on BOI to even notify the Data Commis. I think it was suggested that BOI could be open sued by customers in the case of future identity theft.

**Billsthoughts** · 23/04/2008, 8:34 AM

What way does encryption work? Once you get into the laptop and say the data was in exel spreadsheet does it just mean the spreadsheet is password protected? We had a similar situation here were someone lost a USB key. Loads of measures brought in after this. Or actual measures enforced to be more precise. I think in a lot of these cases BAU means things like this tend to get overlooked.

**Block G Raptor** · 23/04/2008, 9:51 AM

Originally posted by dahamsta

It's the fact the data wasn't encrypted on the machines that I find incredible. The banks spend millions developing next-to-unusable systems like BOL and B365 to "protect our security" and then leave customers data lying around in the clear like this. It's pathetic.

adam

I'm pretty surprised at this myself. I work for the Company that supplies I.T. Product services to BOI and I have actually built a few of the BOI laptops and we definitely put Secure Boot encryption on all PC/Laptops

**dahamsta** · 23/04/2008, 9:55 AM

An Office password would count as encryption, but it's not very good encryption and can be cracked quite easily. Proper encryption would be a fully encrypted file system. Vista can do this, but I'm not sure how secure it is. Linux can do it too, of course.

adam

**Macy** · 24/04/2008, 7:32 AM

Originally posted by pete

Yes, more than likely someone was aware but did not report.

How could they not have reported it though - they would've had to replace the lap tops for the staff members (which would require it to be reported), which would've had to have been authorised up the line? tbh stinks of a cover up - wait and see does anyone notice, or does anyone access the accounts and then when no one has then go public.

Originally posted by anto1208

No wonder Bertie doesnt use them

He does, and has benefitted from their poor record keeping in the tribunal.

**reder** · 24/04/2008, 8:19 AM

Originally posted by pete

Seriously though laughable the way BOI bosses saying they have checked the bank accounts & no threat so far. Ever heard of identity theft? The Data Commissioner has no teeth (cannot enforce or penalise) & largely pointless. No obligation on BOI to even notify the Data Commis. I think it was suggested that BOI could be open sued by customers in the case of future identity theft.

As someone who has worked with BOI in a technical capacity I am not surprised by this one bit. I sincerely doubt that any member of staff will suffer as a result of this. The fact that they were charging customer for calling the help line they set up says it all really.

Identity theft is not being taken seriously enough in industry in this country. A few weeks ago, we had the issues where CVs were taken from a jobs web site. Shabby workmanship all round in my opinion.

**pete** · 24/04/2008, 11:29 AM

Originally posted by Macy

How could they not have reported it though - they would've had to replace the lap tops for the staff members (which would require it to be reported), which would've had to have been authorised up the line?

I suppose I meant not report somewhere on the line. Only BOI know what level this was reported to.

**shedite** · 25/04/2008, 11:04 AM

What do people consider safe these days tho. Pretty much everythign is breakable eventually if people put enough effort into it. All these preventative methods are just there to deter criminals more than anything. My laptop has its harddrive encrypted, and you need a smart card to access it too. Hopefully if mine got stolen it wouldn't be worth the effort for criminals to crack it.

As for BoI, there was no reason that those details were on that laptop. Stupid error and I hope people begin to learn sooner rather than later.

BOI Bank Details Theft

BOI Bank Details Theft

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment