BreachExchange mailing list archives
Irish telco admits data breach affecting 7, 000 customers
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 11 Feb 2012 01:53:00 -0500
http://www.information-age.com/channels/security-and-continuity/news/1691588/irish-telco-admits-data-breach-affecting-7000-customers.thtml Irish Data Protection commissioner slams Eircom for "unacceptable delay" in notifying customers that data including financial records was stolen on laptops Three laptops belonging to Irish telco Eircom that were stolen in two separate incidents in December and January contained unencrypted data pertaining to 6,845 current and former customers, the company admitted today. The lost data includes financial details of up to 550 customers of the telco's mobile telephony subsidiaries, eMobile and Meteor. One of the laptops was stolen from an employee's home and the other two from Eircom's offices in Dublin. Speaking on Irish morning radio, the Irish Data Protection Commissioner Billy Hawkes said this was one of the "most serious breaches" his office had ever seen due to the sensitive nature of the information, the long delay before Eircom informed customers, and the fact that a telecommunications company Eircom is subject to stricter data security laws. Eircom said the delay in notifying customers was due to their need to find out what information was on the laptops. "That's not acceptable," Hawkes commented. "Our normal delay in getting reports in is 24 to 48 hours which is our guideline for reports of such incidents, so I find it very surprising to hear that reason being given by Eircom." In a statement, Eircom said that the personal data at risk includes details such as names, addresses, and telephone numbers as well as copies of documents from the application process such as passports, drivers licences, and other photo IDs. "In some cases financial data such as bank account, [debit] or credit card details is also at risk," Eircom wrote. Eircom is reviewing its encryption policy in the wake of the theft, it says. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Small, inexpensive USB drives pose huge threats to organizations left unprotected. Download Chapter 1 of CREDANT Technologies eBook Data Protection to the Rescue http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/
Current thread:
- Irish telco admits data breach affecting 7, 000 customers Jake Kouns (Feb 13)