
Data Breach

  • 22-08-2018 10:54am
    #1
    Registered Users Posts: 14,017 ✭✭✭✭


    How and when are eir customers to be notified of the effects of the Data Breach on them individually, which happened 10 days ago.

    Is it not rather weird that there is a faulty security update and the day after that a laptop containing customer data was 'stolen'?

    Do customers now have to change all their passwords for the various eir services?

    Some information would be appreciated ........  even if it is 10 days late!



Comments

  • Registered Users Posts: 8,676 ✭✭✭Chong


    How and when are eir customers to be notified of the effects of the Data Breach on them individually, which happened 10 days ago.

    Is it not rather weird that there is a faulty security update and the day after that a laptop containing customer data was 'stolen'?

    Do customers now have to change all their passwords for the various eir services?

    Some information would be appreciated ........  even if it is 10 days late!
    As a result of this breach does this allow for contract break free of charge?


  • Registered Users Posts: 1,073 ✭✭✭MoyVilla9


    Are they seriously telling me that customer information was stored on non encrypted laptop? Absolutely ridiculous. 


  • Registered Users Posts: 5,776 ✭✭✭The J Stands for Jay


    MoyVilla9 wrote: »
    Are they seriously telling me that customer information was stored on non encrypted laptop? Absolutely ridiculous. 

    Even if we accept that an update magically unencrypted the data, what possible reason could they have for putting the data on a laptop and having it outside their premises?


  • Registered Users Posts: 6,200 ✭✭✭troyzer


    MoyVilla9 wrote: »
    Are they seriously telling me that customer information was stored on non encrypted laptop? Absolutely ridiculous. 
    They'll be getting a heavy slap under GDPR for this.


  • Registered Users Posts: 29,527 ✭✭✭✭Wanderer78


    I know a chap that hacked their network years ago, said it was very easy, but that was back in the 90's. Informed them of their vulnerabilities, admins went ballistic


  • Registered Users Posts: 115 ✭✭SSeanSS


    no way a faulty security update un-encrypted the disk. think eir will have to come up with a better excuse because the public aren't that gullible


  • Closed Accounts Posts: 2,136 ✭✭✭eir: Tracey


    How and when are eir customers to be notified of the effects of the Data Breach on them individually, which happened 10 days ago.

    Is it not rather weird that there is a faulty security update and the day after that a laptop containing customer data was 'stolen'?

    Do customers now have to change all their passwords for the various eir services?

    Some information would be appreciated ........  even if it is 10 days late!
    Hi all, 

    We have an announcement on our website in relation to this. It advises you on all details, you can view this here

    Thanks 

    Tracey 


  • Registered Users Posts: 5,776 ✭✭✭The J Stands for Jay


    Hi all, 

    We have an announcement on our website in relation to this. It advises you on all details, you can view this here

    Thanks 

    Tracey 

    Hi Tracey,

    Can you let us know the lawful purpose for this information being stored on a laptop in a public place?

    Thanks


  • Closed Accounts Posts: 375 ✭✭eir: Sarah


    McGaggs wrote: »
    Hi all, 

    We have an announcement on our website in relation to this. It advises you on all details, you can view this here

    Thanks 

    Tracey 

    Hi Tracey,

    Can you let us know the lawful purpose for this information being stored on a laptop in a public place?

    Thanks
    Hi McGaggs,

    All the information we currently have has been posted to our website linked above. We will update you if further information becomes available to us.

    Thanks,

    Sarah


  • Registered Users Posts: 14,017 ✭✭✭✭Johnboy1951


    eir: Sarah wrote: »
    McGaggs wrote: »
    Hi all, 

    We have an announcement on our website in relation to this. It advises you on all details, you can view this here

    Thanks 

    Tracey 

    Hi Tracey,

    Can you let us know the lawful purpose for this information being stored on a laptop in a public place?

    Thanks
    Hi McGaggs,

    All the information we currently have has been posted to our website linked above. We will update you if further information becomes available to us.

    Thanks,

    Sarah
    So it is a heck of a lot worse than I thought!
    The laptop was password protected but not encrypted.


    In this case the laptop had been decrypted by a faulty security update the previous working day.





    How is this possible? ......... what operating system and what encryption scheme could allow this to happen?


  • Moderators, Politics Moderators Posts: 39,853 Mod ✭✭✭✭Seth Brundle


    When was the laptop stolen?
    When was the ODPC notified?
    What was the software update that unencrypted the laptop?
    What form of encryption was on the laptop?
    For what reason was the personal data for 37000 customers on a laptop?
    Is it commonplace for staff to require such large volumes of customer data on a portable device?
    Your explanation page states: "Our data protection rules are very rigorous" - how can for believe this to be the case given what happened?


  • Registered Users Posts: 10,577 ✭✭✭✭Riesen_Meal


    troyzer wrote: »
    They'll be getting a heavy slap under GDPR for this.

    Yup,

    Mental a laptop can carry 37k users information on it...


  • Registered Users Posts: 115 ✭✭SSeanSS


    eir: Sarah wrote: »
    McGaggs wrote: »
    Hi all, 

    We have an announcement on our website in relation to this. It advises you on all details, you can view this here

    Thanks 

    Tracey 

    Hi Tracey,

    Can you let us know the lawful purpose for this information being stored on a laptop in a public place?

    Thanks
    Hi McGaggs,

    All the information we currently have has been posted to our website linked above. We will update you if further information becomes available to us.

    Thanks,

    Sarah
    So it is a heck of a lot worse than I thought!
    The laptop was password protected but not encrypted.


    In this case the laptop had been decrypted by a faulty security update the previous working day.





    How is this possible? ......... what operating system and what encryption scheme could allow this to happen?
    This would not happen on Microsoft or MacOS, wouldn't happen either on most Linux distributions but I really doubt eir would be using Linux. There are no Microsoft or MacOS updates that will unencrypt a disk, it's complete lies! There is one update that will crash in Windows 10 if disk is encrypted but it certainly won't dis-encrypt it. Think of it like, how could a separate update do this.. also if this were possible we'd have heard about it already!


  • Registered Users Posts: 13,180 ✭✭✭✭Purple Mountain


    Your statement does not say why a laptop with 37,000 people's personal details was in a 'public place'?
    Please could your press release/PR representative people explain this?
    Why would IT hardware need to be in a 'public place' and removed from your office?
    This is absolute negligent behaviour that staff are allowed to take a laptop off site that contains tens of thousands of customers' details that are not encrypted.
    Can you explain what consequences have been levied against the staff member(s) from whose care the laptop was stolen?

    To thine own self be true



  • Registered Users Posts: 1,621 ✭✭✭flexcon


    When was the laptop stolen?
    When was the ODPC notified?
    What was the software update that unencrypted the laptop?
    What form of encryption was on the laptop?
    For what reason was the personal data for 37000 customers on a laptop?
    Is it commonplace for staff to require such large volumes of customer data on a portable device?
    Your explanation page states: "Our data protection rules are very rigorous" - how can for believe this to be the case given what happened?
    You probably won't get this information right away if at all. They don't have to share it - Long Shot.

    As for GDPR, there is no way they would get away with this. The penalty is insane. You're talking about Millions of euro here.

    I recently went through the GDPR training and it seems the EU takes this very very seriously.

    I'd imagine in the background there are some frantic lawyers and advisors working out how to play this. Main thing to take away from this though is they let us all know within ten days. It actually happened this time.


  • Registered Users Posts: 822 ✭✭✭ArrBee


    Ahhh, It's fairly easy to imagine customer data being on a laptop.

    The only bit that I'd call out is the excuse given for the lack of encryption.
    It's clearly made up to excuse the breaking of internal policy (FAQ says it's policy for password+encryption).


  • Closed Accounts Posts: 1,758 ✭✭✭Pelvis


    Jesus, rough crowd!! Eir have millions of customers and people are questioning WHY 37k customer's data was on a laptop, and in a public place? Of all the stupid ****in' questions...

    As the previous poster said, the main issue here is the laptop wasn't encrypted, that's just ridiculous.


  • Registered Users Posts: 2,496 ✭✭✭irishgrover


    If I was a reporter and of a mind to be inquisitive I would do some digging and find out what company provide the software for software encryption for Eir (there are not that many and I think we could already guess who it is). I'm sure it would not be that difficult to find out. I would then ask them to comment on the fact that according to Eir their software updates "accidentally unencrypt" laptops.......
    This excuse reeks of what corporations later refer to as "we misspoke" when they have been found out....


  • Registered Users Posts: 43,028 ✭✭✭✭SEPT 23 1989


    I am one of the 37k

    Received an e mail today


  • Registered Users Posts: 14,017 ✭✭✭✭Johnboy1951


    I am one of the 37k

    Received an e mail today
    Care to share the contents of the email? ----  without personal info of course


  • Posts: 0 [Deleted User]


    Dear......

    I am writing to you to inform you of the loss of personal data of a number of eir customers. This issue has arisen as a result of the theft of one laptop, which was immediately reported to the Gardai. A comprehensive internal investigation and security review has been launched and the matter has been reported to the Office of the Data Protection Commissioner.

    Unfortunately the stolen laptop contained a file containing some or all of the following information specifically relating to you: name, email address, eir account number and contact number. No financial data relating to you was stored on the laptop in question, or any other personal data.

    While there is no evidence at this time that the data has been used by a third party, as a precaution we are writing to all those affected and advising them to be extra vigilant.

    On behalf of eir I would like to apologise for any concern this may cause you.

    eir treats privacy and protection of all data extremely seriously and our policy is that all company laptops should be encrypted as well as password protected. In this case the laptop had been decrypted by a faulty security update the previous working day, which had affected a subset of our laptops and has since been corrected.

    More information in relation to this matter is available at www.eir.ie/customer-announcement

    Yours sincerely
    Catherine Lonergan


  • Moderators, Politics Moderators Posts: 39,853 Mod ✭✭✭✭Seth Brundle


    According to her LinkedIn profile Catherine Lonergan's role is "Managing Director Sales".
    Strange how the letter isn't from their data protection officer whose details are not easy to find from Eir, but I believe is Mary Colhoun.


  • Registered Users Posts: 5,776 ✭✭✭The J Stands for Jay


    ArrBee wrote: »
    Ahhh, It's fairly easy to imagine customer data being on a laptop.

    The only bit that I'd call out is the excuse given for the lack of encryption.
    It's clearly made up to excuse the breaking of internal policy (FAQ says it's policy for password+encryption).

    I can't think of a reason why. Why do you think they needed it ? Genuinely curious to figure out why


  • Registered Users Posts: 5,776 ✭✭✭The J Stands for Jay


    Pelvis wrote: »
    Jesus, rough crowd!! Eir have millions of customers and people are questioning WHY 37k customer's data was on a laptop, and in a public place? Of all the stupid ****in' questions...

    As the previous poster said, the main issue here is the laptop wasn't encrypted, that's just ridiculous.

    4% of the customer base being affected isn't nothing.


  • Closed Accounts Posts: 3,378 ✭✭✭CeilingFly


    Funny,  most people throw bills into their bin without a thought , but get all worked up over fairly basic information is in a data breach.

    It's relatively minor compared to the major data breaches from places like tk maxx, clarks shoes and others where credit card numbers and full customer details taken - yet the whiners weren't on boards about that???


  • Registered Users Posts: 14,017 ✭✭✭✭Johnboy1951


    CeilingFly wrote: »
    Funny,  most people throw bills into their bin without a thought , but get all worked up over fairly basic information is in a data breach.

    It's relatively minor compared to the major data breaches from places like tk maxx, clarks shoes and others where credit card numbers and full customer details taken - yet the whiners weren't on boards about that???
    Jeeze! 

    What a stupid post!


  • Registered Users Posts: 5,776 ✭✭✭The J Stands for Jay


    CeilingFly wrote: »
    Funny,  most people throw bills into their bin without a thought , but get all worked up over fairly basic information is in a data breach.

    It's relatively minor compared to the major data breaches from places like tk maxx, clarks shoes and others where credit card numbers and full customer details taken - yet the whiners weren't on boards about that???

    Who the hell gets paper bills from eir?

    Pretty easy to do a chargeback on a credit card.


  • Moderators, Education Moderators Posts: 2,606 Mod ✭✭✭✭horgan_p


    CeilingFly wrote: »
    Funny,  most people throw bills into their bin without a thought , but get all worked up over fairly basic information is in a data breach.

    It's relatively minor compared to the major data breaches from places like tk maxx, clarks shoes and others where credit card numbers and full customer details taken - yet the whiners weren't on boards about that???
    Simple. It's because GDPR. The public, the media (and some would say the commissioner) have all been waiting to make an example of someone.
    And along came Eir.......


  • Registered Users Posts: 1,303 ✭✭✭sexmag


    horgan_p wrote: »
    Simple. It's because GDPR. The public, the media (and some would say the commissioner) have all been waiting to make an example of someone.
    And along came Eir.......

    To be fair the laptop wouldn't have solely been the purpose of these 37k customers, most likely the manager received a file to review, could have been a spreadsheet of data collected to help understand something better, this is their work laptop, many people take them home, it's possible he went to a beach to continue working off site and was mugged....who knows.

    The data that was taken will have no effect on people, it's account numbers and contact preferences, nobody will be able to do anything with it, especially with the new stringent gdpr q questions their customer service have. It's just lost data that's it and because it was reported immediately and depending on the circumstance they may not be fined at all

    Everybody up in arms, there won't be identity theft or anything from this

    Edit: You should all be a lot more concerned about Google tracking your movements even when you've deactivated your location for them to do that, someone knowing where you come and go is a lot more serious than your name and email on a laptop that a thief may or may not have access to


  • Closed Accounts Posts: 3,378 ✭✭✭CeilingFly


    CeilingFly wrote: »
    Funny,  most people throw bills into their bin without a thought , but get all worked up over fairly basic information is in a data breach.

    It's relatively minor compared to the major data breaches from places like tk maxx, clarks shoes and others where credit card numbers and full customer details taken - yet the whiners weren't on boards about that???
    Jeeze! 

    What a stupid post!
    Jeeze, your name and email address is on a lost laptop 


    Wow.

    Utterly boring .

