Anybody who made "The Big Switch" might want to watch their bank account for a while.
http://www.irishtimes.com/newspaper/...249068004.html
SOME 75,000 Bord Gáis customers have been warned to monitor their bank accounts for suspicious transactions after a laptop computer containing their account details was stolen.
.........
The laptop contains details such as account numbers, home addresses and branch details of people who had recently switched from the ESB as part of Bord Gáis’s “big switch” campaign.
Just changed over a few weeks back so wouldn't be at all surprised to hear that my details were among those lost. Will certainly be keeping a close eye on the bank account for a while.Originally Posted by osarusan
That said it's highly unlikely that any of the local skangers will be engaging in high level identity theft. I'd say they'll spend more time worrying about installing champ manager and finding free porn.
Tallaght Stadium Regular
Click
This also happened to the HSE last week & we had other cases last year.Managing director of Bord Gáis Energy Dave Bunworth said this morning the stolen laptop containing the account details of 75,000 customers would be “very difficult to get into” despite it not being encrypted.
“I don’t want to minimise the risk but this is not a normal laptop that you could break into that easily,” he told RTÉ radio.
What does the Data Protection Commissioner do? Could they be closed & save the state some money?
As I said on my website:
What in f*ck’s name was that data doing on a laptop?
Despite assurances that everything would be encrypted.
While I wouldn't advise people not to complain to the DPC, the current Commissioner is a useless lump.What does the Data Protection Commissioner do?
These companies are obliged to encrypt their data. I work for a Financial Services company and encryption of laptops is standard. In any case, that information should be on a server somewhere, not a laptop. Shocking that this can happen in 2009.
Whilst I would agree about the need to encrypt, and Bord Gáis really has no excuse, I'm sure part of the problem of data being stored on laptops is the totally crap broadband coverage we have. If someone works out of the office and/or at home, then is accessing data remotely on servers practical? Not in a lot of areas...
If you attack me with stupidity, I'll be forced to defend myself with sarcasm.
Laptops were stolen from the offices which would suggest the employees don't use them at home very often.
Are the using excel or simialr as a database? Seems crazy to have what appear to fairly large databases saved locally on laptops.
Is Data Protection Commissioner trying to outdo the Financial Regulator for lack of oversight?
Just look at how long it took to publish the fact that it had been stolen, 12 days, not a quick announcement by any means,
As in the UK, Bord Gais thought it was a good day to buy bad news with the HSE losing their laptops.
I agree with what Dahamsta said on his website, Bord Gais Muppets
Smile........ it confuses people
Would've thought that was common enough, especially over the weekend - makes the company responsibile for the security rather than the employee. I wouldn't be using that to judge whether they use them away from the office - if they didn't even the HSE would save money by buying desktops (Laptops have to be justified in the public sector as, rightly or wrongly, they're seen as a luxury).
If you attack me with stupidity, I'll be forced to defend myself with sarcasm.
It was on Gardai advice that they delayed the announcement, if it made the news the day it happened it would have made the lap top far more valuable, the hope is that some toerag wipped the memory and sold it for €100 instead of for €1000's to a professional gang.
i know if my name address bank account number and sort code went "missing" then i would be closing that account asap. It is still fairly hard for them to get money from your account but who wants to take that risk.
If it was only used to sign up to some dodgy credit agreement it could still ruin your credit rating if you go looking for a mortgage or loan you may rn into problems.
Pretty much all employeees who work from home have in office days too
The likelihood is that the lads looking to offload the laptobs have already wiped them as they'll be easier to shift.
54,321 sold - wws will never die - ***
---
New blog if anyone's interested - http://loihistory.wordpress.com/
LOI section on balls.ie - http://balls.ie/league-of-ireland/
If I was a thief that read the news, there's no way I'd wipe a lappie before checking what was on it first, the data is far more valuable to carders than the hardware itself. Course, then I'd have to be a thief that read the news...
And wait 12 days before trying to offload them
54,321 sold - wws will never die - ***
---
New blog if anyone's interested - http://loihistory.wordpress.com/
LOI section on balls.ie - http://balls.ie/league-of-ireland/
My new laptop has a little finger print thing to unlock it great idea unless a robber takes a finger too the laptop is useless to anyone else.
Stolen laptops are somewhat of a baseless obsession in the media over the last 18 months. In none of the recent cases has any attempt been made to misuse the data.
There are 1,001 other weakpoints that are more likely to result in fraud.
I'd hazard a guess not all of those up in arms about the laptops shred their post, or cover the keypad of the chip and pin machines in shops and restaurants.
I'm not arguing it's irrelevant or that it's acceptable, but it certainly is receiving undue attention at the expense of other more important data protection advice.
I have that too but I don't think its that much safer than typing in a password.
I have an expectation that my bank, utilities suppliers and other companies with which I do business will do a better job of protecting me than this. Baseless? It's fairly trivial to break into most laptops if you know what you're doing - I've seen it done. There are then, in these cases, tens of thousands of people's data open to abuse. If you don't shred your bank statement and someone roots through your rubbish, one person's data is open to abuse - yours. I think there's a fairly substantial difference.
It's baseless, but not irrelevant?I'm not arguing it's irrelevant or that it's acceptable, but it certainly is receiving undue attention at the expense of other more important data protection advice.
The fact is, there have been a bunch of cases like this now, and still the ****wits in an Bord Gáis failed to learn. Whoever is responsible for the fact that that laptop had unencrypted data - at a strategic level and in terms of actually implementing it - should be fired for exposing the company to significant risk of adverse financial and PR outcomes.
Depends on the implementation, but most of the time it's done post-BIOS on unencrypted drives, which is simply a convenience. Real security can only be done pre-BIOS and/or on an encrypted drive.
Posting Permissions
Quote
Bookmarks