QuoteIt didn't take 6 months to detect, it took 6 months to be reported to senior management, or for them to actually report it.
RTE News
Some cowboy operation in BOI. Not only were personal details stolen it took 6 months to detect? You have to wonder what system if any they have for guarding confidential details.Sensitive information regarding 10,000 Bank of Ireland customers has been stolen.
The Data Protection Commissioner, Billy Hawkes, has told RTÉ News he is investigating the disappearance of four laptops.
The computers were stolen last year but the commissioner was only informed on Friday.
It didn't take 6 months to detect, it took 6 months to be reported to senior management, or for them to actually report it.
Yes, more than likely someone was aware but did not report. I suppose I was trying to highlight inadequate process for tracking confidential details. i.e. process should have flagged that data unaccounted for.Originally Posted by dahamsta
No big wigs will see the chop but I am sure some grunts down the line have already been sacked.
It's the fact the data wasn't encrypted on the machines that I find incredible. The banks spend millions developing next-to-unusable systems like BOL and B365 to "protect our security" and then leave customers data lying around in the clear like this. It's pathetic.
adam
No wonder Bertie doesnt use them
Typical civil servants, eh Pete?
54,321 sold - wws will never die - ***
---
New blog if anyone's interested - http://loihistory.wordpress.com/
LOI section on balls.ie - http://balls.ie/league-of-ireland/
Only the UK ones so far
Seriously though laughable the way BOI bosses saying they have checked the bank accounts & no threat so far. Ever heard of identity theft? The Data Commissioner has no teeth (cannot enforce or penalise) & largely pointless. No obligation on BOI to even notify the Data Commis. I think it was suggested that BOI could be open sued by customers in the case of future identity theft.
What way does encryption work? Once you get into the laptop and say the data was in exel spreadsheet does it just mean the spreadsheet is password protected? We had a similar situation here were someone lost a USB key. Loads of measures brought in after this. Or actual measures enforced to be more precise. I think in a lot of these cases BAU means things like this tend to get overlooked.
I'm pretty surprised at this myself. I work for the Company that supplies I.T. Product services to BOI and I have actually built a few of the BOI laptops and we definitely put Secure Boot encryption on all PC/Laptops
An Office password would count as encryption, but it's not very good encryption and can be cracked quite easily. Proper encryption would be a fully encrypted file system. Vista can do this, but I'm not sure how secure it is. Linux can do it too, of course.
adam
How could they not have reported it though - they would've had to replace the lap tops for the staff members (which would require it to be reported), which would've had to have been authorised up the line? tbh stinks of a cover up - wait and see does anyone notice, or does anyone access the accounts and then when no one has then go public.
He does, and has benefitted from their poor record keeping in the tribunal.
If you attack me with stupidity, I'll be forced to defend myself with sarcasm.
As someone who has worked with BOI in a technical capacity I am not surprised by this one bit. I sincerely doubt that any member of staff will suffer as a result of this. The fact that they were charging customer for calling the help line they set up says it all really.
Identity theft is not being taken seriously enough in industry in this country. A few weeks ago, we had the issues where CVs were taken from a jobs web site. Shabby workmanship all round in my opinion.
I suppose I meant not report somewhere on the line. Only BOI know what level this was reported to.
What do people consider safe these days tho. Pretty much everythign is breakable eventually if people put enough effort into it. All these preventative methods are just there to deter criminals more than anything. My laptop has its harddrive encrypted, and you need a smart card to access it too. Hopefully if mine got stolen it wouldn't be worth the effort for criminals to crack it.
As for BoI, there was no reason that those details were on that laptop. Stupid error and I hope people begin to learn sooner rather than later.
The glass isn't half full or half empty it's just too damn big!
RTE
BOI making it up as they go along.The number of Bank of Ireland customers affected by the theft of laptops last year has risen to over 30,000.
Last week, the bank said that medical records, bank account details, names, addresses and dates of birth of 10,000 customers were on the laptops.
Advertisement
The number of branches affected has increased from seven to 29.
But the bank added that customers would be fully compensated if any fraud arose.
They probably have no choice but to compensate any one who is the victim of fraud but that liability could be open for years yet.
Posting Permissions
Bookmarks