BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Irish telco admits data breach affecting 7, 000 customers

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 11 Feb 2012 01:53:00 -0500
http://www.information-age.com/channels/security-and-continuity/news/1691588/irish-telco-admits-data-breach-affecting-7000-customers.thtml

Irish Data Protection commissioner slams Eircom for "unacceptable
delay" in notifying customers that data including financial records
was stolen on laptops
Three laptops belonging to Irish telco Eircom that were stolen in two
separate incidents in December and January contained unencrypted data
pertaining to 6,845 current and former customers, the company admitted
today.

The lost data includes financial details of up to 550 customers of the
telco's mobile telephony subsidiaries, eMobile and Meteor. One of the
laptops was stolen from an employee's home and the other two from
Eircom's offices in Dublin.

Speaking on Irish morning radio, the Irish Data Protection
Commissioner Billy Hawkes said this was one of the "most serious
breaches" his office had ever seen due to the sensitive nature of the
information, the long delay before Eircom informed customers, and the
fact that a telecommunications company Eircom is subject to stricter
data security laws.

Eircom said the delay in notifying customers was due to their need to
find out what information was on the laptops. "That's not acceptable,"
Hawkes commented. "Our normal delay in getting reports in is 24 to 48
hours which is our guideline for reports of such incidents, so I find
it very surprising to hear that reason being given by Eircom."

In a statement, Eircom said that the personal data at risk includes
details such as names, addresses, and telephone numbers as well as
copies of documents from the application process such as passports,
drivers licences, and other photo IDs. "In some cases financial data
such as bank account, [debit] or credit card details is also at risk,"
Eircom wrote.

Eircom is reviewing its encryption policy in the wake of the theft, it says.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/
Previous By Date Next
Previous By Thread Next

Current thread: