emobile/meteor laptops stolen with customers details

dub45

eircom: Tony wrote: »

Hi dub45
I take your point and it is exactly those issues that are currently under intense audit to ensure this cannot happen again. The companies policy requires that all laptops be encrypted and while these were password protected, they were not encrypted.
I can confirm that these laptops were indeed removed from eircom offices and had not been in transport to any outside offices at time of theft.
Tony

Tony with all due respects your answer is meaningless. I asked you a specific question which you do not answer!!

'Intense audit' please ! This is just jargon. It doesn't say much for any sort of security policy either physical or otherwise if laptops could so easily be stolen from premises (and wasn't one stolen from an employee's home?)

And the simple fact is that Eircom do not care enough either about their legal obligations or the safety of customer data to ensure that their own data policies were enforced on a day to day basis.

Now could you please answer my original question?

Sponge Bob

dub45 wrote: »

(and wasn't one stolen from an employee's home?)

Ah, that one. They carefully avoided saying it was an eircom laptop.

They did say it contained personal details on 700 odd Meteor staff and that the laptop was stolen from the home of an employee.

Loggie

eircom: Tony wrote: »

I really hope not Loggie:mad:
Can you PM me your details ( just tel no, contact no. and what was advised you on Friday, can you remember the agents name?) If you were advised you would receive call back you should have received this.
I will chase for you.
Tony

PM sent

KoolKid

Sponge Bob wrote: »

Ah, that one. They carefully avoided saying it was an eircom laptop.

They did say it contained personal details on 700 odd Meteor staff and that the laptop was stolen from the home of an employee.

So , worse again, if its not an Eircom laptop, then whats peoples personal information doing on it??

colly10

Why would this kind of data be sitting on a laptop? Surely it's sitting on a DB somewhere and is accessed through some password protected system?
If there is really a policy that all laptops are encrypted then why are unencypted laptops handed out to employees, is encrypting the data up to the individual employee that uses the laptop, that'd never work

LH2011

this type of data should not live / reside on a laptop hard drive, and should only be on a server with restricted user access.


also there are PCI compliance issues, also if credit card data was stored unencrypted.

i cant see any valid reason, why passport, or other personal information would reside on a laptop hard drive.

even if money was tight truecrypt is FREE!!

dub45

Sponge Bob wrote: »

The laptops with Customer data were office use only...like a desktop. No staff member removed them from the office...unless the thief was staff.

How do we know that these laptops had not been used outside HQ before?

dub45

LH2011 wrote: »

this type of data should not live / reside on a laptop hard drive, and should only be on a server with restricted user access.


also there are PCI compliance issues, also if credit card data was stored unencrypted.

i cant see any valid reason, why passport, or other personal information would reside on a laptop hard drive.

even if money was tight truecrypt is FREE!!

Unfortunately so is carelessness.

wingnut

eircom: Tony wrote: »

I take your point and it is exactly those issues that are currently under intense audit to ensure this cannot happen again. The companies policy requires that all laptops be encrypted and while these were password protected, they were not encrypted.

Intense audit = we got caught out, lets go and make sure we have a minimal amount of security.

Company policy = obviously employees pay a lot of attention to policy. No way it should be arbitrarily left to staff to look after sensitive data.

No matter what Eircom say this is complete an utter corporate incompetence.

Irwin R. Schyster

How are affected customers being compensated for this?

dub45

From the Eircom webisite:

eircom treats privacy and protection of all data extremely seriously and we have taken the following pro-active measures to address the situation.

Apart from the first part of the sentence being a demonstrable pack of lies with serious consequences for its customers but not itself could somebody please explain to whoever in Eircom writes this PR crap what exactly proactive means?

For example wikipedia says very simply:

Proactive behavior involves acting in advance of a future situation, rather than just reacting.

Please note that frantically trying to pick up the pieces under a cover of PR waffle and lies is definitely not being proactive.

dub45

Irwin R. Schyster wrote: »

How are affected customers being compensated for this?

I am sure than when someone's stoled credit or debit card details are use to buy child porn and their lives are shattered as a result or some terrorist or spy is found travelling on our passports Eircom will be there for us:rolleyes:

Irwin R. Schyster

Irwin R. Schyster wrote: »

How are affected customers being compensated for this?

Amazingly I've yet to receive the letter I was told i would also

eircom: Tony

Irwin R. Schyster wrote: »

Amazingly I've yet to receive the letter I was told i would also

Hi Irwin R. Schyster
If you have stil not received the letter, can you PM me your tel no and I can chase this for you. I should be able to advise here.
Tony

witless1

Tony, I got a phone call on Friday from a Meteor rep informing me that they found the laptop that my details were on. Can you confirm this is the case, that a laptop was recovered?

I told the rep that I would still be looking for a new passport and a cancellation of my current account with them as I asked them could he guarantee me that the laptops hard drive was not copied. He said he could not and took details from me about how much a passport would cost. I told him the costs as outlined to me by the passport office and he said he would ring me back that evening, which he didn't.

Are ye taking this seriously at all? Since I was informed I have placed 4 phone calls, 3 live chats with agents, 7 or so twitter messages and 2 emails. Anytime I get through on the phones I am told there is no one there to deal with it and they take my details for a callback. I have received 3 callbacks to date. One went straight to my voicemail (how nice of them), the other rang me at 5.15pm, I missed the call got a voicemail and rang back at 5.20pm. Was told the rep was gone home then. The only call back I got was the one I described above which promised a further callback which didn't happen. It's an absolute joke and the letter I received in the post offering me a free month of my bill was a paltry offering. I still don't know if Eircom / Meteor will replace my passport. I still don't know if they will cancel my contract and I still can't get a callback. I suppose if I cancel my direct debit I might get a call at that stage but don't want to risk losing the number I have had for 13 years. So seriously, Tony, why the meltdown in communicating with customers that ye have seriously messed over?

dub45

witless1 wrote: »

Tony, I got a phone call on Friday from a Meteor rep informing me that they found the laptop that my details were on. Can you confirm this is the case, that a laptop was recovered?

I told the rep that I would still be looking for a new passport and a cancellation of my current account with them as I asked them could he guarantee me that the laptops hard drive was not copied. He said he could not and took details from me about how much a passport would cost. I told him the costs as outlined to me by the passport office and he said he would ring me back that evening, which he didn't.

Are ye taking this seriously at all? Since I was informed I have placed 4 phone calls, 3 live chats with agents, 7 or so twitter messages and 2 emails. Anytime I get through on the phones I am told there is no one there to deal with it and they take my details for a callback. I have received 3 callbacks to date. One went straight to my voicemail (how nice of them), the other rang me at 5.15pm, I missed the call got a voicemail and rang back at 5.20pm. Was told the rep was gone home then. The only call back I got was the one I described above which promised a further callback which didn't happen. It's an absolute joke and the letter I received in the post offering me a free month of my bill was a paltry offering. I still don't know if Eircom / Meteor will replace my passport. I still don't know if they will cancel my contract and I still can't get a callback. I suppose if I cancel my direct debit I might get a call at that stage but don't want to risk losing the number I have had for 13 years. So seriously, Tony, why the meltdown in communicating with customers that ye have seriously messed over?

Your experience shows the difference between the PR blather/hype and the reality experienced by people on the receiving end of Eircom's and their subsidiaries gross carelessness.

Email copies your post to the Joe Duffy or Matt Cooper shows and also to the Data Commissioners office. No doubt Eircom are making a great pr case to the DC about how well they are looking after the victims of their negligence.

Sadly the reality is that companies only respond to embarassment they dont as you have found out give two hoots about real people.

They can't even pick up the pieces with a modicum of effiency!!

dub45

dub45 wrote: »

Can somebody please explain why passport information utility bills etc was transferred to laptops and transported outside HQ. this stuff is a huge prize for anyone in the identity theft game.

I cannot think of any reason why this should happen.

A simple answer in plain English please and can I remind you in advance this is our information not Eircom's and we are entitled to a full explanation.

Can I have an answer please? And if not why not? Again a reminder this is OUR data!!!!!!!!!!!!

dub45

Given the seriousness of this issue the lack of response here is quite shocking and of course illustrative of how 'seriously' Eircom really takes these matters!!

https://www.youtube.com/watch?v=eZGWQauQOAQ

witless1

Another live chat today as I didn't receive my callback yesterday, shock horror I know.

I asked specifically about the laptops being recovered and I was told by the rep that he was unaware that the laptop had been recovered. Towards the end of the conversation I was told that the data had been recovered but the laptops had not. Now the rep on the phone on Friday was very clear that the laptop had been recovered with the data on it so they are lying, very badly. I would also like to know how the data could be recovered but not the laptop. Recovered in a computing sense to me says it was found in their backups, shows they have multiple copies of our data floating around just waiting for a 2nd breach to happen. Recovered to anyone from a non computer background implies it was found, quiet amusing I must say and something he did not clarify.

He did manage to confirm that my request to have the cost of my passport reissued and my contract canceled was appended to my account on the 17th but no resolution is associated with this request and the supervisors are looking into it. I left specific details for a callback with him, which I know that I won't receive but we can always hope.

dub45

witless1 wrote: »

Another live chat today as I didn't receive my callback yesterday, shock horror I know.

I asked specifically about the laptops being recovered and I was told by the rep that he was unaware that the laptop had been recovered. Towards the end of the conversation I was told that the data had been recovered but the laptops had not. Now the rep on the phone on Friday was very clear that the laptop had been recovered with the data on it so they are lying, very badly. I would also like to know how the data could be recovered but not the laptop. Recovered in a computing sense to me says it was found in their backups, shows they have multiple copies of our data floating around just waiting for a 2nd breach to happen. Recovered to anyone from a non computer background implies it was found, quiet amusing I must say and something he did not clarify.

He did manage to confirm that my request to have the cost of my passport reissued and my contract canceled was appended to my account on the 17th but no resolution is associated with this request and the supervisors are looking into it. I left specific details for a callback with him, which I know that I won't receive but we can always hope.

Supervisors looking into it? What a load of rubbish and really offensive when you begin to think about it.

Surely any moderately well organised company would set up a task force to deal with a disaster like this immediately? You would think that assessing basic costs incurred by customers as a result of this fiasco would be a priority if only to lessen the ammunition for customers to have to attack Eircom - bank charges, passport costs etc would be an immediate priority - a liaison with the passport office so that customers would not be left to their own devices and dare I say it regular updates for affected customers. Instead what is there in place? Zilch - nada - precisely nothing! Would it be possible to actually do worse?

One thing is certain though the amount spent on PR so far will easily outweigh anything spent on affected customers:mad::(:mad::mad:

eircom: Tony

witless1 wrote: »

Another live chat today as I didn't receive my callback yesterday, shock horror I know.

I asked specifically about the laptops being recovered and I was told by the rep that he was unaware that the laptop had been recovered. Towards the end of the conversation I was told that the data had been recovered but the laptops had not. Now the rep on the phone on Friday was very clear that the laptop had been recovered with the data on it so they are lying, very badly. I would also like to know how the data could be recovered but not the laptop. Recovered in a computing sense to me says it was found in their backups, shows they have multiple copies of our data floating around just waiting for a 2nd breach to happen. Recovered to anyone from a non computer background implies it was found, quiet amusing I must say and something he did not clarify.

He did manage to confirm that my request to have the cost of my passport reissued and my contract canceled was appended to my account on the 17th but no resolution is associated with this request and the supervisors are looking into it. I left specific details for a callback with him, which I know that I won't receive but we can always hope.

Hi witless1
I agree that this neither clarifies nor helps your situation. I am not really sure what the agents were trying to say with these statements. I suspect what the agent was trying and failing to say, was that all details of accounts and customers impacted by this had been recognised, as this was the information I received.
I was speaking with the web chat agents and was informed by Jamie that she spoke to a customer with similar issue and did advise that customer supervisor was investigating issue. Would you mind PM'ing me your tel no and I can confirm this along with arranging call back and further escalation of this issue.
You should have had a call back and I will arrange this for you.
Tony

dub45

eircom: Tony wrote: »

Hi witless1
I agree that this neither clarifies nor helps your situation. I am not really sure what the agents were trying to say with these statements. I suspect what the agent was trying and failing to say, was that all details of accounts and customers impacted by this had been recognised, as this was the information I received.
I was speaking with the web chat agents and was informed by Jamie that she spoke to a customer with similar issue and did advise that customer supervisor was investigating issue. Would you mind PM'ing me your tel no and I can confirm this along with arranging call back and further escalation of this issue.
You should have had a call back and I will arrange this for you.
Tony

Tony

Isn't the truth of the matter that nobody has a clue what is going on? Why are web chat agents even dealing with people affected by this mess when they are not kept up to date? What exact issue is the customer supervisor even investigating? And if witless actually gets a call back who will it be from and what exactly will that person even know?

Never have I seen such contempt for customers and I do not say that lightly!! Eircom are a total disgrace not just in losing this information but the follow up is quite shameful.

Why do you continue to ignore the questions I have asked you?

Irwin R. Schyster

dub, wasting your breath.

I pmed my number to him on the 16th and have heard nothing back from him of course.

Not even a letter from them, joke of a company.
I work long hours in my job and don't have time to be ringing up customer service to talk to people that have no idea what is going on.

Waiting until the end of the month before cancelling my contract

Irwin R. Schyster

double post

witless1

eircom: Tony wrote: »

Hi witless1
I agree that this neither clarifies nor helps your situation. I am not really sure what the agents were trying to say with these statements. I suspect what the agent was trying and failing to say, was that all details of accounts and customers impacted by this had been recognised, as this was the information I received.

Tony, the agent was quiet clear that the laptop was found and that I basically had nothing to worry about. We are giving you a free month of credit for the trouble you have gone through and can we help you with anything else. That was his exact wording more or less. He basically wanted me to drop my conversation by telling me that everything was found and nothing needs to be done now. I challenged him on it and asked could he guarantee me the laptops contents were not copied between when they were lost and recovered and he said no.

eircom: Tony wrote: »

Would you mind PM'ing me your tel no and I can confirm this along with arranging call back and further escalation of this issue.
You should have had a call back and I will arrange this for you.
Tony

I will PM you my number now, not sure how much good it will do. I did receive a callback and to be honest I am disgusted by it. See below.


I got a callback yesterday evening about 4.30pm. I was given the usual apologies and sorry for taking so long to get back to you. I was told that I cannot cancel my account. I told the girl I spoke to that I want to cancel my account because I feel the account number is compromised and that anyone with access to it still has access to my details. That as a data subject, under the data commissioners guidelines, that it is up to me to protect my identity and interests. I said that I do not mind signing up to a new contract if that is the problem but she was quiet firm and said I had no grounds to cancel my contract and they would not entertain it.

With that brick wall out of the way I got onto the passport issue. I was told that I cannot have my passport replaced and she asked me why would I want it replaced. I explained the conversation I had with the passport office and the legitimate threat further down the line that this poses and again she didn't seem to grasp this. She offered me €50 credit on my meteor account to compensate me for the passport. I told her that was a joke and would the passport office accept meteor credit as payment. She said she didn't know but with the €50 she was offering me and the €25 I would be getting for my free month it would get me close to a new passport. I honestly couldn't believe that was the attitude and tone that she was taking. I asked to speak to someone more senior and she said there wasn't anyone available and that she was the most senior person there. I pointed out how ignorant her offer was with respect to the letter that I received saying that if I am out of pocket because of the data breach that I would be looked after. That is not looking after a customer and I pointed that out to her. She suggested I write a letter to the data commissioner and outline my concerns. I told her that's passing on the buck and not accepting responsibility and protecting a customer. She said to me that she was sorry that that was my view of it. That was it, end of conversation and she basically has closed off my case. So obviously my view is distorted from the rest of the world and I am now in limbo with it.

Tony, that is an absolute disgrace and it left me fuming for the evening after it. Her tone was very much flippant and she sounded like she honestly couldn't give a **** what the outcome of our conversation was. So almost two weeks after this fiasco broke I finally get an answer that ye are basically abandoning customers and leaving the financial burden on them. I cannot afford to hand out money for a new passport. I also cannot protect my identity by removing my meteor account from the equation for another 12 months when my contract ends.

eircom: Tony

Irwin R. Schyster wrote: »

dub, wasting your breath.

I pmed my number to him on the 16th and have heard nothing back from him of course.

Not even a letter from them, joke of a company.
I work long hours in my job and don't have time to be ringing up customer service to talk to people that have no idea what is going on.

Waiting until the end of the month before cancelling my contract

Hi Irwin R. Schyster
as you are a meteor customer I am afraid I do not have access to this. I have contacted Meteor customer support and they were unable to advise what documents had been provided when initiating your contract, however you should receive a call back from them soon. ( As soon as they have this information for you.)
Sory that I could not provide more on this issue.

eircom: Tony

witless1 wrote: »

Tony, the agent was quiet clear that the laptop was found and that I basically had nothing to worry about. We are giving you a free month of credit for the trouble you have gone through and can we help you with anything else. That was his exact wording more or less. He basically wanted me to drop my conversation by telling me that everything was found and nothing needs to be done now. I challenged him on it and asked could he guarantee me the laptops contents were not copied between when they were lost and recovered and he said no.



I will PM you my number now, not sure how much good it will do. I did receive a callback and to be honest I am disgusted by it. See below.


I got a callback yesterday evening about 4.30pm. I was given the usual apologies and sorry for taking so long to get back to you. I was told that I cannot cancel my account. I told the girl I spoke to that I want to cancel my account because I feel the account number is compromised and that anyone with access to it still has access to my details. That as a data subject, under the data commissioners guidelines, that it is up to me to protect my identity and interests. I said that I do not mind signing up to a new contract if that is the problem but she was quiet firm and said I had no grounds to cancel my contract and they would not entertain it.

With that brick wall out of the way I got onto the passport issue. I was told that I cannot have my passport replaced and she asked me why would I want it replaced. I explained the conversation I had with the passport office and the legitimate threat further down the line that this poses and again she didn't seem to grasp this. She offered me €50 credit on my meteor account to compensate me for the passport. I told her that was a joke and would the passport office accept meteor credit as payment. She said she didn't know but with the €50 she was offering me and the €25 I would be getting for my free month it would get me close to a new passport. I honestly couldn't believe that was the attitude and tone that she was taking. I asked to speak to someone more senior and she said there wasn't anyone available and that she was the most senior person there. I pointed out how ignorant her offer was with respect to the letter that I received saying that if I am out of pocket because of the data breach that I would be looked after. That is not looking after a customer and I pointed that out to her. She suggested I write a letter to the data commissioner and outline my concerns. I told her that's passing on the buck and not accepting responsibility and protecting a customer. She said to me that she was sorry that that was my view of it. That was it, end of conversation and she basically has closed off my case. So obviously my view is distorted from the rest of the world and I am now in limbo with it.

Tony, that is an absolute disgrace and it left me fuming for the evening after it. Her tone was very much flippant and she sounded like she honestly couldn't give a **** what the outcome of our conversation was. So almost two weeks after this fiasco broke I finally get an answer that ye are basically abandoning customers and leaving the financial burden on them. I cannot afford to hand out money for a new passport. I also cannot protect my identity by removing my meteor account from the equation for another 12 months when my contract ends.

My apologies for any inappropriate tone witless1, it really does sound like that could have been handled better. I do know that she was providing the correct information in regard to compensation at the time. I have your PM now and am chasing to see what can be done here. I hope to be back to you later today but due to nature of issue it may be tomorrow.
I wil lbe back to you though to clarify your own particular request.
Tony

witless1

eircom: Tony wrote: »

My apologies for any inappropriate tone witless1, it really does sound like that could have been handled better. I do know that she was providing the correct information in regard to compensation at the time. I have your PM now and am chasing to see what can be done here. I hope to be back to you later today but due to nature of issue it may be tomorrow.
I wil lbe back to you though to clarify your own particular request.
Tony

It could have been handled a tiny bit better to say the least. It's not nice having to drive a conversation and each time getting hit with the same one liner saying they will not budge on their stance. Apparently everything she told me was approved from management above her and that's what took so long to get back to me. Judging by the lies I have been told already by another supervisor, this could be taken with a large grain of salt.

Thanks for looking into it though and hopefully you can get back to me with something more informative.

eircom: Tony

witless1 wrote: »

It could have been handled a tiny bit better to say the least. It's not nice having to drive a conversation and each time getting hit with the same one liner saying they will not budge on their stance. Apparently everything she told me was approved from management above her and that's what took so long to get back to me. Judging by the lies I have been told already by another supervisor, this could be taken with a large grain of salt.

Thanks for looking into it though and hopefully you can get back to me with something more informative.

I will certainly do my best on this witless1 and wil be in conbtact as soon as I can.
Tony

KoolKid

dub45 wrote: »

Tony

Isn't the truth of the matter that nobody has a clue what is going on? Why are web chat agents even dealing with people affected by this mess when they are not kept up to date? What exact issue is the customer supervisor even investigating? And if witless actually gets a call back who will it be from and what exactly will that person even know?

Never have I seen such contempt for customers and I do not say that lightly!! Eircom are a total disgrace not just in losing this information but the follow up is quite shameful.

Why do you continue to ignore the questions I have asked you?

Dub , you wasting your time here. It seems once the guys here decide they don't want to answer something then they won,t. I had the same problems on a couple of different occasions, with the lies being told by Eircom re alarm monitoring & phone lines. Tony even tried calling himself a moderator to get out of answering.
This raises serious concerns re the Talk To forums if the reps are able to be selective in what they answer & what they choose to ignore.
Maybe it should be passed onto Dav.