emobile/meteor laptops stolen with customers details

Carroller16

cronjob78 wrote: »

I got a call from a Cork number 021 4641500 earlier and a guy with a heavy Dublin accent asking me about this. Usually "Customer Care" comes up when they call. I was in an underground carpark so the reception wasn't great.

Tried calling customer care back to check if it's legit. Haven't experienced any fraud I'm aware of.

Could a Meteor rep comment on this please and tell me if Meteor are calling people today?

I got a missed call from that number today as well. They left a voicemail saying something along the lines of we're ringing you about your data protection issue pleas contact us back on
1800 444 cant remember the rest of the no.

The guy had a really strong Cork accent.

Kensington

Well I've received one of these warning letters aswell, apparently my:
- Phone number
- Email address
- Address
- Date of birth

are at risk now.

Absolutely shambolic to say the least and the letter raised more questions than it answers.
For example, how do they have my DOB?
Was it from the drivers license scan I submitted as proof of ID?

How do they have my address?
Was it from the bank statement I submitted?

My job is in IT and if it was discovered there was a laptop deployed by us containing sensitive details which were not encrypted, it'd be P45 time for the person responsible (or, rather, person irresponsible!) - and the company I work for doesn't even deal with personally identifiable information! Which is why it's standard IT policy that ALL laptops are encrypted, regardless of their actual purpose.

Why a telecoms company needs to store personally identifiable information locally and then not have the competency or even basic cop-on to think to encrypt it just boggles my mind, it really does. Did no-one in Eircom even stop to think "Would I like if all my personal information were to be stored in this manner?" or is it simply the case that nobody cares?

dub45

Kensington wrote: »

Well I've received one of these warning letters aswell, apparently my:
- Phone number
- Email address
- Address
- Date of birth

are at risk now.

Absolutely shambolic to say the least and the letter raised more questions than it answers.
For example, how do they have my DOB?
Was it from the drivers license scan I submitted as proof of ID?

How do they have my address?
Was it from the bank statement I submitted?

My job is in IT and if it was discovered there was a laptop deployed by us containing sensitive details which were not encrypted, it'd be P45 time for the person responsible (or, rather, person irresponsible!) - and the company I work for doesn't even deal with personally identifiable information! Which is why it's standard IT policy that ALL laptops are encrypted, regardless of their actual purpose.

Why a telecoms company needs to store personally identifiable information locally and then not have the competency or even basic cop-on to think to encrypt it just boggles my mind, it really does. Did no-one in Eircom even stop to think "Would I like if all my personal information were to be stored in this manner?" or is it simply the case that nobody cares?

It is quite incredible that a supposedly senior manager could write such offensive crap (as in the attachment). Do Meteor really think that their customers are idiots and will put up with the rubbish that this letter typifies ? Will someone tell this guy that is beyond offensive in the light of eircom's christmas data distribution gift to be telling us that 'meteor treats the protection and privacy of all customer information extremely seriously'.

I would have expected that anyone in such a senior management position would have some cop on and sensitivity but really only some sort of twit would issue such an insensitive letter three months after this fiasco. No explanation for the delay in informing customers, no effort to explain why the laptops and the 45 others were not encrypted, or why their internal procedures did not pick up on this failure, no acknowledgement of the serious delay in informing the data protection commissioner.

And as for calling 'our dedicated free phone number' dedicated to what exactly? Randomly picked staff who haven't a clue about what's going on reading vacuous scripts? Excuse me while I reach for the sick bag:mad::mad::mad:

Incidentally is this the first time that we have seen a reference to 'potential' customers?

Kensington

I'd imagine "potential customer" in the sense of those who applied but were declined or decided not to go ahead with their application for whatever reason.

dub45

Kensington wrote: »

I'd imagine "potential customer" in the sense of those who applied but were declined or decided not to go ahead with their application for whatever reason.

Agreed but I don't recall seeing any reference before to this category being affected. However we might be told next week that they are not affected at all:mad:

Kensington

dub45 wrote: »

Agreed but I don't recall seeing any reference before to this category being affected. However we might be told next week that they are not affected at all:mad:

I don't think they know for sure themselves from the wording of the letter.

witless1

Carroller16 wrote: »

The guy had a really strong Cork accent.

That's the guy who I was talking to, very hard to understand and didn't really seem clued in to what was going on which brings me to this:

dub45 wrote: »

Randomly picked staff who haven't a clue about what's going on reading vacuous scripts? Excuse me while I reach for the sick bag:mad::mad::mad:

Couldn't sum it up any better.

I pointed out that he was ringing me to keep me informed and telling me information I knew a week already and kept pointing out that he was only doing his job. Surely he should have correct and relevant information or understand that someone else has already passed this information on. I asked him for an update on the same question (passport) that I am asking almost 7 weeks now and he said he hadn't any information on it.

Kensington wrote: »

I don't think they know for sure themselves from the wording of the letter.

I'm still waiting for my letter to come in the door to see what it is they think is compromised. I'm not convinced that that they can say with absolute certainty that other elements were not compromised. I'd love to know how they know for certain what was lost for each individual? Is it a case there is a backup image of each laptop? Or a paper trail or what. Magically changing their mind on what is lost months later isn't reassuring customers at all.

dub45

witless1 wrote: »

That's the guy who I was talking to, very hard to understand and didn't really seem clued in to what was going on which brings me to this:



Couldn't sum it up any better.

I pointed out that he was ringing me to keep me informed and telling me information I knew a week already and kept pointing out that he was only doing his job. Surely he should have correct and relevant information or understand that someone else has already passed this information on. I asked him for an update on the same question (passport) that I am asking almost 7 weeks now and he said he hadn't any information on it.




I'm still waiting for my letter to come in the door to see what it is they think is compromised. I'm not convinced that that they can say with absolute certainty that other elements were not compromised. I'd love to know how they know for certain what was lost for each individual? Is it a case there is a backup image of each laptop? Or a paper trail or what. Magically changing their mind on what is lost months later isn't reassuring customers at all.

I have been thinking about this phone call you received quite a bit since your earlier post.

If this so called "dedicated" unit actually operated to any degree of professionalism or competence then surely the staff involved would realise that any customer contacted would be likely to ask further questions and that it would be wise to anticipate them? Would it not be odd for any customer finally in contact with someone from Eircom not to use the opportunity to ask some questions?

Give that witless1 had previous contacts with Eircom would it not be reasonable to expect that the 'dedicated' unit would have a record of his concerns on file and that anyone ringing him might check that record to anticipate further likely questions?

However we are talking about Eircom here and the proof of the abject response is that the reality as experience by witless1 was the complete opposite to what a thoughtful and professional approach might be. They couldn't even get the name right!

Kenny Logins

eircom: Tony wrote: »

Hi Kenny Loggins
if you PM me your telephone number I can have this investigated for you. I spould be able to advise of status in your particular case.
Tony

My letter says email, address and phone number were compromised. I would like to know why my information was being held on a laptop when I'm not even a customer. The letter does say the information was provided by me when I applied to open a Meteor account, but when? June 2011?

How did this information find itself on an employee laptop, and for what purpose?

How do I know that no other information was retained and subsequently lost?

Johnboy1951

Johnboy1951 wrote: »

May I have clarification please around what EXACTLY has been done to attempt to inform former customers of the data breach?

It appears from the above that former customers are in the majority of those whose data has been compromised.

Not good practice to quote myself ....... but this question is being ignored apparently.

Can I have an answer please?

antocann

witless1

dub45 wrote: »

If this so called "dedicated" unit actually operated to any degree of professionalism or competence then surely the staff involved would realise that any customer contacted would be likely to ask further questions and that it would be wise to anticipate them?

The questions I asked are the same ones I am asking since this started so it wasn't out of the blue or unexpected by any means.

dub45 wrote: »

Give that witless1 had previous contacts with Eircom would it not be reasonable to expect that the 'dedicated' unit would have a record of his concerns on file and that anyone ringing him might check that record to anticipate further likely questions?

This has been confirmed to me that they do not have a full transparent record or that they can easily produce one. Half the battle Tony has had on my behalf is trying to consolidate my calls / emails and IMs to produce a full case history. Two of my previous three customer callbacks have had no knowledge of the fact another agent had called me and given me contradictory information. The flat out refusal of one agent (who had it confirmed from her bosses) that they would not be replacing my passport (or allowing me cancel my account), followed by a call a day later by another agent delighted to inform me they would be replacing it. That 2nd agent was genuinely perplexed that someone with no authority to make that decision had told me in no uncertain terms that my passport or the matter of my account, was not up for further discussion.

dub45 wrote: »

They couldn't even get the name right!

Name and Gender wrong, so until I see a physical letter I won't know where I stand.

eircom: Tony

Johnboy1951 wrote: »

Not good practice to quote myself ....... but this question is being ignored apparently.

Can I have an answer please?

Hi Johnboy1951
no intention to ignore this, I can say that all customers impacted by this issue should have received a letter and follow up call. I do know that enquiries and investigations are continuing and that I should be able to post more details here soon.
As always if you do want me to look into your own particular cases please PM me here.
Tony

dub45

eircom: Tony wrote: »

Hi Johnboy1951
no intention to ignore this, I can say that all customers impacted by this issue should have received a letter and follow up call. I do know that enquiries and investigations are continuing and that I should be able to post more details here soon.
As always if you do want me to look into your own particular cases please PM me here.
Tony

Tony you stated exactly the same thing some time ago yet further people have only just been informed that their details are at risk. How can anyone be expected to believe anything from Eircom at this stage?

On 23rd February :

To date all Meteor customer impacted by this issue should have been contacted. If you have not been contacted then your account details were not impacted and are not at risk.

Kensington

I received no such follow up-call to any of the registered contact telephone numbers which were supplied to Meteor at the sign up process.

The above letter is the first indication my details were involved in the data breach.

Johnboy1951

eircom: Tony wrote: »

Hi Johnboy1951
no intention to ignore this, I can say that all customers impacted by this issue should have received a letter and follow up call. I do know that enquiries and investigations are continuing and that I should be able to post more details here soon.
As always if you do want me to look into your own particular cases please PM me here.
Tony

It would appear that what should happen and what has happened are nowhere close to being the same.

As I believe I mentioned in a previous post, it is a worry that a family member's personal details have been compromised.

At this time, it is my advice to them NOT to supply Eircom with any further personal information, in ANY form. So, no, I will not be supplying details of that person to any Eircom rep. If the personal info has been compromised it is Eircom's responsibility to attend to the matter as a matter of urgency. This quite obviously has not happened. Eircom is not, IMO, to be trusted with further personal information.

To address your response to the question:

Telling me that a letter should have issued, is not telling me EXACTLY what procedure Eircom has used to identify & notify former account holders of the breach of their data.

Due to the lack of certainty and explanation of procedures followed after the data breach, how can anybody be sure they have been correctly identified as one whose personal info has been compromised?

From the debacle obvious from this thread, people have good reason to assume their info has been compromised and Eircom have failed to identify the fact.

So, rather than asking for more personal details, maybe you would explain EXACTLY what procedures Eircom has used to identify affected customers/former customers/failed applicants about the data breach.

The issuance of a letter is the result of the identification procedure, and not details on how those affected have been identified.

Please supply details of the procedures used to identify affected persons.

Also, what is the EXACT breakdown, in numbers, of those affected in the various categories ..... customer/former customer/non-customer whose details were taken ?

The refusal, or inability, to supply clear details to everyone, generates even more suspicion, which, based on what has happened to date, is well deserved.

Thank you.

eircom: Tony

Carroller16 wrote: »

I got a missed call from that number today as well. They left a voicemail saying something along the lines of we're ringing you about your data protection issue pleas contact us back on
1800 444 cant remember the rest of the no.

The guy had a really strong Cork accent.

Hi Carroller16
if you wish to PM me your tel number I can chase this and ensure you get a callback from appropriate section. I can also chgase to see what information I can provide you.
Tony

Kensington

Tony - would it be possible for you to chase up on my case also please?

Specifically, in what format was my data stored?
Was it a SQL-style database of lots of customers?
An Excel worksheet?
Were there also scanned images of documents submitted as proof of ID?
For what purpose was that data stored locally on the laptop hard drive?
Do Eircom still store data on remote (laptops, desktops, memory sticks etc.) locations - hopefully encrypted now? How can I arrange for any data Eircom still store about me to be completely erased and destroyed from all and any of your systems?

2qk4u

I recieved the letter last week that said my address, email and number were on one of these laptops, A friend said to me that I should contact Meteor and ask to be let out of my contract to allow me move to another provider due to their lack of security with my info.

dub45

Kensington wrote: »

Tony - would it be possible for you to chase up on my case also please?

Specifically, in what format was my data stored?
Was it a SQL-style database of lots of customers?
An Excel worksheet?
Were there also scanned images of documents submitted as proof of ID?
For what purpose was that data stored locally on the laptop hard drive?
Do Eircom still store data on remote (laptops, desktops, memory sticks etc.) locations - hopefully encrypted now? How can I arrange for any data Eircom still store about me to be completely erased and destroyed from all and any of your systems?

This might be of interest to you:

http://www.techcentral.ie/18287/eircom-computer-theft-exposes-customer-and-employee-data-

in particular:

Bradley confirmed that the two machines stolen from the Parkwest office were in current use at the time. "They were used by our sales and support teams on the mobile side, and would have been processing applications submitted by e-mail."

Read more: http://www.techcentral.ie/18287/eircom-computer-theft-exposes-customer-and-employee-data-#ixzz1qMHQaS2v

If you want to find out what information they (and who knows how many others by now!) are holding on you have a look:

http://www.dataprotection.ie/ViewDoc.asp?fn=/documents/rights/2d.htm&CatID=17&m=r

Kensington

Well technically Eircom don't hold the laptop-stored information about me anymore so I'm not sure the DPC could help in that regard...

I'd really like to get it confirmed exactly what was stored on that laptop though. Can Eircom even tell?

dub45

Kensington wrote: »

Well technically Eircom don't hold the laptop-stored information about me anymore so I'm not sure the DPC could help in that regard...

I'd really like to get it confirmed exactly what was stored on that laptop though. Can Eircom even tell?

Given what we have seen repeatedly in this thread I think it is safe to assume that Eircom do not have a clue at any stage what is going on. The only consistent thing is Eircom's inconsistency.

I certainly wouldn't assume that because data was stored on one or other of those laptops that it wasn't stored elsewhere as well.

They were able to contact you so they must have data on record for you.

witless1

2qk4u wrote: »

A friend said to me that I should contact Meteor and ask to be let out of my contract to allow me move to another provider due to their lack of security with my info.

The support teams on the phones won't give you much joy with it from personal experience. The term you are looking for with regards your contract is "frustration"* which is a legal term in contract law, worth a google on.


* Usual boards disclaimer of I am not a lawyer, but I have sought legal advice on this.

eircom: Tony

Kensington wrote: »

Well technically Eircom don't hold the laptop-stored information about me anymore so I'm not sure the DPC could help in that regard...

I'd really like to get it confirmed exactly what was stored on that laptop though. Can Eircom even tell?

Hi Kensington
First and foremost we have to apologise to any impacted customers. To answers your own and other posts on this thread I have the following information
· The company’s policy requires all laptops to be encrypted. However, while these laptops were password protected, they were not encrypted. The reason for this is under a separate investigation. An ongoing investigations taskforce led by a number of the Senior Management Team and our IT Department is in place to ensure that all laptops are fully encrypted and all the issues raised by this incident are addressed.
· A third party validation exercise began on 22th February by a leading industry specialist in data analysis
· It was found that data stored locally on the laptop was processed accordingly, but was not destroyed or removed from the laptop. As the laptop was not encrypted, this meant potential exposure.
· We have conducted an audit to ensure all laptops are now fully encrypted – in line with the company policy and to find out how this breach happened and how it can be avoided in the future.
· For close to 90% (86%) of those people impacted, the data at risk is name, address, contact telephone number and possibly an eircom account number
· We do have access to all impacted information including copies of the documents that were stolen.
· A dedicated team of 20 people are also being given access to a Database that shows what information we held for each of the customers/ non customers impacted. This team will be available on FreePhone 1800444085.
· If you PM me the reference number of the letter this will identify which type of letter you have been sent. The letters are referenced 0001 to 0009. If you include telephone and pin number I should be able to answer most of your questions concerning your particular account
As I have stated if you do wish to have further details regarding your own particular case please PM me your details or call the support number above. We will do all we can you advise and help.

Tony

backboiler

cronjob78 wrote: »

I got a call from a Cork number 021 4641500 earlier ...

Could a Meteor rep comment on this please and tell me if Meteor are calling people today?

Eircom:Tony, can you please verify that this is a number used by your company?

eircom: Tony

backboiler wrote: »

Eircom:Tony, can you please verify that this is a number used by your company?

Hi backboiler
though I cannot confirm exactly what this number is used for it is an eircom company number. If you would like me to look into you would like me to chase if a call was made to you can you PM me your tel and account number?
I should be able to advise on this.
Tony

maccyy

I have spent the past hour reading through all of these posts and am simply amazed at it all! I am a pre pay meteor customer and earlier on i recieved a text message telling me that i had won millions in a dutch lotto of some sort and to email them a code to recieve my money!!
Now im sorry but there is simply no other way that anyone could have got my telephone number other then my details were in one of those laptops! I have never recieved a letter or phone call telling me that my data was compromised but after googling i found on a website post from people saying they have also recieved the same texts and they are all meteor customers!
Now i know as a pre pay customer meteor dont have any copies of bank statements or driving licence but they do have my name,date of birth,address and laser card info!

All i want is someone to inform has my data been compromised because this happened three months ago so if it has and i have not been told i want to know why?

NeitherJohn

maccyy wrote: »

I have spent the past hour reading through all of these posts and am simply amazed at it all! I am a pre pay meteor customer and earlier on i recieved a text message telling me that i had won millions in a dutch lotto of some sort and to email them a code to recieve my money!!
Now im sorry but there is simply no other way that anyone could have got my telephone number other then my details were in one of those laptops! I have never recieved a letter or phone call telling me that my data was compromised but after googling i found on a website post from people saying they have also recieved the same texts and they are all meteor customers!
Now i know as a pre pay customer meteor dont have any copies of bank statements or driving licence but they do have my name,date of birth,address and laser card info!

All i want is someone to inform has my data been compromised because this happened three months ago so if it has and i have not been told i want to know why?

Wait, I got that text as well this morning at 00:00. Mine came in as an MMS from a gmail account. "nldelotto@gmail.com"

I can tell you now, that I have never signed up for any kind of premium service on my mobile, nor have I entered my number on any form on any website.

Does that mean that my details were possibly on that laptop as well? I'm on Meteor btw.

eircom: Tony

maccyy wrote: »

I have spent the past hour reading through all of these posts and am simply amazed at it all! I am a pre pay meteor customer and earlier on i recieved a text message telling me that i had won millions in a dutch lotto of some sort and to email them a code to recieve my money!!
Now im sorry but there is simply no other way that anyone could have got my telephone number other then my details were in one of those laptops! I have never recieved a letter or phone call telling me that my data was compromised but after googling i found on a website post from people saying they have also recieved the same texts and they are all meteor customers!
Now i know as a pre pay customer meteor dont have any copies of bank statements or driving licence but they do have my name,date of birth,address and laser card info!

All i want is someone to inform has my data been compromised because this happened three months ago so if it has and i have not been told i want to know why?

Hi maccy
Yes as a pre pay customer we would not have this information. To get details on your specific case you should call our team dedicated to this issue who have access to Database that shows what information is held for each of the customers/ non customers impacted. This team will be available on FreePhone 1800444085.
If you wish yo ucan PM me and I will chase this for you also.
Tony

eircom: Tony

NeitherJohn wrote: »

Wait, I got that text as well this morning at 00:00. Mine came in as an MMS from a gmail account. "nldelotto@gmail.com"

I can tell you now, that I have never signed up for any kind of premium service on my mobile, nor have I entered my number on any form on any website.

Does that mean that my details were possibly on that laptop as well? I'm on Meteor btw.

Hi NeitherJohn
We have a team dedicated to this issue and who have access to Database that shows what information is held for each of the customers/ non customers impacted. This team are available on FreePhone 1800444085.
Or again yo can PM me and I can chase details for you.
Tony