Bank of Ireland reports customer data theft

Bank of Ireland (BoI) has admitted that four laptops containing the unencrypted personal details of 10,000 customers have been stolen.

The computers - which contained data on customers who had obtained a quote or purchased a life assurance policy from seven BoI branches in the Republic of Ireland - were stolen between June and October last year, but the bank has only just reported the theft to Ireland's Data Protection Commissioner.

The information on the computers includes names, addresses, bank account details and medical records of customers at branches in Drogheda, Dunleer, Bagnelstown, Court Place Carlow, Stephens Green, Tallaght and Montrose.

BoI has stated that the data was not encrypted, although password protection was in place. The bank says it has monitored the affected accounts over the last few months and found no evidence of fraudulent activity.

A BoI spokeswoman told Finextra that the delay in reporting the thefts to the data watchdog occurred because the bank only became aware of the situation in February this year.

In a statement, Ireland's Data Protection Commissioner Billy Hawkes says his office was contacted by the bank last Friday morning and informed of the thefts.

Hawkes says his office will investigate the security arrangements in place and "the circumstances surrounding the theft" and "the exact circumstances which led to the delay in the reporting of this matter internally within the Bank of Ireland to the appropriate personnel".

"The investigation will focus on the justification for the personal data, including sensitive medical data in some cases, being placed on the laptops in the first place," says the Commissioner in a statement.

Bank of Ireland has set up a helpline for customers and says it will write to those affected "in the coming days".

Last year the UK's Nationwide Building Society was fined £980,000 by the Financial Services Authority after an investigation into the theft of a company laptop from an employee's home exposed failings in its information security.

The FSA said its investigation into the incident found that the Nationwide did not have adequate information security procedures and controls in place, potentially exposing the society's 11 million customers to an increased risk of financial crime.

News of the BoI security breach comes as UK Information Commissioner Richard Thomas revealed that almost 100 security breaches had been reported to his office since the security breach at HM Revenue and Customs (HMRC) in October last year, when computer disks containing information on 25 million child benefit claimants went missing while in transit from HMRC's headquarters in Washington, Tyne and Wear to the National Audit Office in London.

Of the security breaches reported by private sector organisations, 50% were reported by financial institutions, says the Information Commissioner's Office (ICO).

"It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring," says Thomas in a statement. "The government, banks and other organisations need to regain the public's trust by being far more careful with people's personal information."

"The evidence shows that more must be done to eradicate inexcusable security breaches," he adds.

The ICO says information that has gone missing includes unencrypted laptops and computer discs, memory sticks and paper records. Data has been stolen, gone missing in the post and whilst in transit with a courier. The material includes a wide range of personal details, including financial and health records.
