O2 Ireland admits it lost backup data from September 2011, says “low risk” to privacy of 1.3m customers

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://thenextweb.com/eu/2012/12/05/o2-ireland-admits-to-backup-data-loss-from-september-2011-says-low-risk-to-privacy-of-1-3m-customers/

Telefonica-owned mobile operator O2 has admitted that a tape used for
routine daily backups at its Irish offices went missing in September
2011,posting a message to its website to warn customers that it may
contain some personal data held on the company’s servers at that time.

O2 Ireland, which was only recently notified by its IT support company
IBM, believes the risk of customer privacy issues to be low and notes
that while the tape is still unaccounted for, it could still be
present within O2′s offices.

To ensure that it is doing all it can to minimise privacy risks, the
company immediately launched an investigation into the data that the
drive held, notifying the Data Protection Commissioner of the issues
and working with it ever since.

O2 doesn’t know the extent of the data on the drive, but says that
backups are secured in files that need specialist technology to open
them. While it’s possible it could hold some customer data, the
operator says “it is more likely that it simply contained information
about O2′s normal business affairs and company information.”

The Office of the Data Protection Commissioner believes the issue is
serious, but because there it is highly likely the tape was lost
internally, customers should not be too concerned.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.