The Big Glitch - Bord Gais

homerun_homer

"Bord Gáis electricity users who signed-up to the company over the past four months have been urged to check their bank accounts to ensure they have not been defrauded."
75,000 customer's personal bank account details on an unencrypted laptop!! This campaign to switch over has only been fairly recent so that must cover nearly everyone who changed over. That's some c0ck up by them. Not good advertising for them.

My name is URL

It's retarded that companies and government bodies still don't encrypt data stored on portable devices given that this has happened a few times already.

If I was one of the customers affected I'd certainly be looking at a class action lawsuit against both the DPA and Bord Gais

Max Power1

well if it was me, i'd be leaving BG. Typical lax security arrangements for a state company. Why were the laptops not encrypted??

linky to change to airtricity

*it should be noted that I have no affiliation with airtricity, I just plain dont like Bord Gais*

K-9

Not the brightest sparks!

Sorry, it's crazy after all the scandals recently that they didn't encrypt the data. Not confidence inspiring.

Bomany

Very worrying. I am one of the customers. It is anyone who signed over before May 29th. There are a number of very serious questions for Bord Gais to answer.
1. Obviously why was information not encrypted?
2. Were the laptops locked up or sitting on a desk or in an unlocked press?
3. Why the delay in informing customers? 12 days is scandalous. I don't accept the business about alerting thieves to content on laptop - maybe this holds for short period of time, but 12 days?
4. What information did Bord Gais give the Data Commissioner when the laptops were stolen. Is it the case that they told the Data Commissioner the information was encrypted?

I will be switching back to ESB this afternoon. I have lost faith in this company.

MoominPapa

Why have customers bank account details stored on a laptop?

Mizu_Ger

MoominPapa wrote: »

Why have customers bank account details stored on a laptop?

That's what I was thnking too. Surely this info should be in some central database, not on a prtable laptop.

deisedude

I blame Lucy Kennedy

homerun_homer

Sure you never know when an employee may want to travel and look up random bank accounts of customers. Stupid. I don't understand this business practice at all.

WindSock

I think the title of this thread is gas :pac:

TheTubes

What annoys me most is this bullsh1t:

Managing director of Bord Gáis Energy Dave Bunworth said this morning the stolen laptop containing the account details of 75,000 customers would be “very difficult to get into” despite it not being encrypted.

Mr Bunworth said that while the machine was not encrypted, the data saved on it could only be accessed using a username and password.

Statements like this are intentionaly misleading and worse than the original cockup imo.

Any 13 old who has even a passing interest in computers can google how to remove a hard drive from a laptop and hook it up to a pc.

Or even burn a linux live cd and boot up using that and all the files would be available to you without even opening it up.

Quint

Are all the bank account numbers and sort codes on the laptop? Lets hope it doesn't fall into the hands of a nigerian "businessman"

admiralofthefleet

im very worried, i have all my bills on DD

cooperguy

There really isnt that much to be worried about. What can you actually do with bank a/c no. and sort code! There might be some very kind reverse-thiefs that will transfer money into your account or possibly a very charitable thief that could set up a direct debit to a charity. They cant really do anything else.

homerun_homer

we do direct debit with these feicers to avoid the steep fees they charge if you pay in the post office, yet they can go and be so relaxed with the information and leave it open to theft and sale on the black market.

Morlar

homerun_homer wrote: »

we do direct debit with these feicers to avoid the steep fees they charge if you pay in the post office, yet they can go and be so relaxed with the information and leave it open to theft and sale on the black market.

That's the Public sector for you. It was probably somebody else's fault.

Does anyone know if they informed the Banks in the 12 days between the theft account & personal details & when they reported it to customers ?

Biggins

A massive 75,000 people signed over to them in the last four months - something here smells odd!
I find that number hard to believe!

Max Power1

cooperguy wrote: »

There really isnt that much to be worried about. What can you actually do with bank a/c no. and sort code! There might be some very kind reverse-thiefs that will transfer money into your account or possibly a very charitable thief that could set up a direct debit to a charity. They cant really do anything else.

isnt all that information on a personal cheque? In addition to a copy of your signature, which could easily be scanned. No need to be worried about this, it just doesnt look that great for the PR, but no harm done otherwise.

cooperguy

Biggins wrote: »

A massive 75,000 people signed over to them in the last four months - something here smells odd!
I find that number hard to believe!

Its true. They hugely over exceeded there target sales. So much so that they havent even sent out the door to door salesmen yet as the call centre is too busy they couldnt handle anymore sign ons.

And no I dont work for them!

ScumLord

I always knew it was a stupid idea getting a gas company to do your electricity. How is my toaster supposed to run on gas? They won't even be able to get the gas down our copper wires. :rolleyes:

Borneo Fnctn

I remember a laptop from the Irish Blood Transfusion Service was stolen in New York. I got a letter saying some scumbag had my details. Pretty harmless though. Credit card details though... morons.

Calibos

Didn't Jeremy Clarkson of Top Gear fame not think the same thing about bank A/C number being useless to anybody. He announced his account number on air to proive his point and within days someone decided to teach him a lesson by signing him up for a direct debit to a charity or something like that.

http://news.bbc.co.uk/2/hi/entertainment/7174760.stm

Max Power1

deisedude wrote: »

I blame Lucy Kennedy

Yes. I do too.. I call first in line to laying out the "punishment"

K-9

Max Power1 wrote: »

Yes. I do too.. I call first in line to laying out the "punishment"

Max Power on an Electricity thread!

Mickelodian

Biggins wrote: »

A massive 75,000 people signed over to them in the last four months - something here smells odd!
I find that number hard to believe!

Yes 75,000 and more... there were over 100,000 sign ups according to their own reports... but they haven't even started to connect these people! some people are still waiting to be customers three months later!

So BEFORE you become a customer they lose your account details to a theif who seems 'not clever at all in passwords' etc. but that same burglar is it seems clever enough to break into a building with swipe card doors on every floor!?!? make their way to a particular office, take a couple of unencrypted laptops...It's an inside job...or a pro... either way...it's worry time for the 75k people.

Samba

WindSock wrote: »

I think the title of this thread is gas :pac:

Let me get your coat for you

dougdub

Legal action anyone?

I am livid! The details I am told they have are as follows:

https://www.thebigswitch.ie/residential.php

This was confirmed by the operator on their 1850 number!

jape

Right click the excel file,

"Add to archive", check 256-bit aes,

password : *******

It's not rocket science. Stupid cúnts.

irishangel

I'm so mad. My details were on one of the laptops.This is the second time I had details on a stolen laptop..Grrrr seems your details are never safe :mad::mad:

Michellenman

Yeah my parents details were on the lap top. They sent a letter out, apparently it happened a while ago but they didn't specify when just that it would hamper the Garda investigation if they were to tell the media immediately. They told the media on the 17th of June I think and the letter arrived today... wonder when the laptops were actually taken....

stevedublin

I got a letter saying my details were on the laptop.
Also, I've started to get lots of Spam for a Canadian pharmacy to one of my e-mails recently, any connection?

Dampsquid

jape wrote: »

Right click the excel file,

"Add to archive", check 256-bit aes,

password : *******

It's not rocket science. Stupid cúnts.

That's about as secure using sticky back sellotape to secure your laptop to the desk so it doesn't get stolen in the first place.

Max Power1

Better than them being unsecured though! Surely!

jape

Dampsquid wrote: »

That's about as secure using sticky back sellotape to secure your laptop to the desk so it doesn't get stolen in the first place.

What?

You can easily crack 256-bit AES yea?

As of 2006, the only successful published attacks against the full AES have been side-channel attacks on specific implementations. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non-classified data. In June 2003, the US Government announced that AES may be used to protect classified information:

The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use."

homerun_homer

I knew it - Got the letter in the post saying my details are on the Laptop. Screw you Bord Gais, you just lost yourself a new customer, I'm going to change to Airtricity who just so happened to call to my door yesterday.

00sully

homerun_homer wrote: »

I knew it - Got the letter in the post saying my details are on the Laptop. Screw you Bord Gais, you just lost yourself a new customer, I'm going to change to Airtricity who just so happened to call to my door yesterday.

+1 - I'm gone too. only lose 1% by changing to airtricty. this situation is baloney

steps_3314

Im so pissed off also :mad:

My details were on one of those laptops.

What kind of company stores it's customer personal bank details on a portable device.

Surely these should be stored on servers and storage arrays.

Idiots.

Just wondering has ayone began to switch back to ESB and if so how.

jelly&icecream

Yea, got the letter in the post a few days ago...grrrr...:mad:

I think I'll investigate switching my electric to Airtricity. There's no way I'm switching back to ESB though, they're an even worse shower!

Its a pity there isn't an alternative gas supplier.

homerun_homer

Yer man calling for Airtricity said they will stick with the 13% savings from ESB yet BG will decrease their's after a period while keeping it cheaper than ESB. He said it was greener to be with Airtricity too. It'll need investigating, but if anyone has looked into the pros and cons of each do let us know. he also said they won't ask us to enter a contract with them, which BG will do after 6 months.

MoominPapa

I haven't received a letter from BG yet. Anyone know if that means I'm in the clear?