I'm one of the Bord Gais 75,000!

Tupins

I received a letter from Bord Gais today informing me that I am one of the customer's whose name, address, bank account number and sort code were on the stolen laptop.

I'm quite annoyed by Bord Gais that they didn't encrypt this information.

The letter states that they have contacted all of our banks and highlighted the relevant accounts to them. They also say that they have received expert security advice that the rist of the data being misused is low.

Anyone else here receive this letter?

How worried should I be? I don't have much money in my account anyway so would be thieves won't get very far on my 'fortune'!

BuffyBot

Well I'd think the risk is pretty minimal too, to be honest - unless people want to lodge money into your account

The likelyhood of the laptop in question being stolen by anyone other than some random thief is quite low, and random thieves mostly care about selling things on for cash. They're not so big on identity theft. That's more for a big boys as it takes time on effort.

However, it's never a good idea to not be vigilant regarding bank accounts as a general rule, anyway.

eimear1

Hey there,
Got that letter myself this morning. Am a little worried. Of course its most likely it was an opportunist thief but these things are happening more often now, wasn't it only last month that the HSE had the same problem? Don't want to be a conspiracy theorist but is it possible ID theft gangs are preying on companies and finding out who is doing stupid things like carrying around this unencrypted info?
Only switched over to Bord Gais 2 months ago, my friend did the same and she got same letter. Are all the people affected those who switched? Carrying them around on one unsafe laptop is total negligence. Anyone any idea what happens to the company, what can data protection people do?
Eimear

RoadKillTs

I wouldnt worry about it tbh.
Chances are the thief just wiped it, installed XP and sold it for €100

RoadKillTs

what can data protection people do?

Think of the data proctection people in the same way as the financial regulator. A total waste of money and not worth a shi*e.

IgnatiusPop

RoadKillTs wrote: »

Think of the data proctection people in the same way as the financial regulator. A total waste of money and not worth a shi*e.

I dont know about that. They do provide a service, but I think its safe to say that unless government departments and companies in this country start using data encryption on their machines, then the efforts of the data protection crowd are going to be undermined.

I'm a sys admin, and we use Pointsec on all of our machines, weather they are ones that are allowed to leave the building (ie laptops) or not. Its inexpensive, and impossible for your average thievin' scumbag to crack. I think the bigger problem is not with Bord Gas or with the machines, but rather on the lack of communication, coordination, or general awareness of the majority of those people employed in IT within the civil service.

:pac:

stillcrazy

I got that letter today as well. This is my second time as my data was on that stolen Irish Blood Transfusion board laptop a few months ago as well, but at least there were no bank details on that! I'm monitoring my bank a/c online but think that's all I'll be doing for now.

RoadKillTs

I think the bigger problem is not with Bord Gas or with the machines, but rather on the lack of communication, coordination, or general awareness of the majority of those people employed in IT within the civil service.

Would agree with that but the point is they should be held accountable for not handling their customers data properly. Not just Board Gais, but also the HSE and BOI.
Pointsec is easy enough to rollout and as you said prity effective so theres no reason why there should be laptops out in the public domain without having some sort of encryption on them.

I work in a very similar role to yourself and I see it on a daily basis. Staff not handling their laptops correctly due to a lack of education.
Chances are the user left the laptop in a car in plain view and some scummer seen it. simply as.

eimear1

Does make you angry doesn't it - i have now had letters like this from three sources that i should have been able to trust - BOI, blood transfusion board and bord Gais.
Surely if its just a matter of a program being installed and a bit of training for staff they should all have learnt their lessons by now and got their asses in gear!

elexes

BuffyBot wrote: »

Well I'd think the risk is pretty minimal too, to be honest - unless people want to lodge money into your account

if you think that then your mistaken.

clarkson thought the same thing and announced his details in one of his shows . a week later he was giving money to various charities that he never knew existed.

ring your bank and inform them just to be sure also let your credit card company know and always inform them when your going on holidays and where your going to be staying so they know its you making transactions .

it was bad form of them to try and cover this up.

parsi

IgnatiusPop wrote: »

but rather on the lack of communication, coordination, or general awareness of the majority of those people employed in IT ...

:pac:

See, it's not just an IT issue. Data protection is everyones issue and if some guy has the rank / authority to go buy his own laptop and avoid IT altogether then it's a recipe for disaster.

I think most IT folk have seen situations whereby company policy was thrown out the window in order to facilitate some top honcho.

homer911

Your name, sort code and account number are on any cheques your write. Your address can be got from a phone book.

Whats the big deal??

BuffyBot

elexes wrote: »

if you think that then your mistaken.

clarkson thought the same thing and announced his details in one of his shows . a week later he was giving money to various charities that he never knew existed.

ring your bank and inform them just to be sure

Different scenario. Highly public figure *makes* himself a target and invites people to do something and publishes his information in a newspaper column vs. random laptop thief.

also let your credit card company know and always inform them when your going on holidays and where your going to be staying so they know its you making transactions .

While that's good advice in general, I don't believe any CC details were at risk in this case, so why muddy the waters

newtoboards

Got the letter about this just today. I'm one of the people that are technically not a customer yet but was in the process of switching. They kept saying on the phone I'm not a customer which kinda got my goat. They couldn't tell me what oprerating system was used, what password protection was on the laptop, and what format the file with all the data was in on the laptop. I reckon if the data was comercially sensitive then it would have been encrypted but simply because it's just joe soaps details who cares. They have my name/address/account details all they need to do is forge an ID and some letters and they can be me.

The bank were better but didn't put the security flag on like I wanted because it's not the procedure. It's again up to joe soap to spot a fraud which isn't fair but c'est le vie I suppose and there's very very little I can do about this. Still annoyed though to be honest