Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Data Breach
Options
Comments
-
This would not happen on Microsoft or MacOS, wouldn't happen either on most Linux distributions
Where does it say it was OS encryption stuff?There are no Microsft or MacOS updates that will unencrypt a disk, its complete lies!
Where does it say it was OS encryption stuff?there is one update that will crash in Windows 10 if disk is encrypted but it certainly wont dis-encrypt it.
Where does it say it was OS encryption stuff?Think of it like, how could a seperate update do this.. also if this were possible we'd have heard about it already!
telpis0 -
Henry Ford III wrote: »Seems there are avenues open to seek redress and compensation.......
How is there avenue for compensation? What damages or losses have you financially sustained by this?Just got the email today stating they had a breach and my information was among those lost. Yesterday was the end of my contract with Eir. Fitting end to a poor service. I hope they get a hefty fine from breaching GDPR. And if I start getting dodgy calls, emails I'll be in contact with them soon.
How will you prove any dodgy emails or calls came from their data breach of this laptop?0 -
This would not happen on Microsoft or MacOS, wouldn't happen either on most Linux distributions
Where does it say it was OS encryption stuff?There are no Microsft or MacOS updates that will unencrypt a disk, its complete lies!
Where does it say it was OS encryption stuff?there is one update that will crash in Windows 10 if disk is encrypted but it certainly wont dis-encrypt it.
Where does it say it was OS encryption stuff?Think of it like, how could a seperate update do this.. also if this were possible we'd have heard about it already!
telpis
Just for balance....
My laptop is encrypted at a HW layer, not at the OS.
The only update I can imagine impacting my encryption is a BIOS update, or disk firmware update.
One hypothetical could be that encryption was intentionally removed as a pre-step to some other update and either that update failed or the encryption was never redone at the end.
Another possibility is that the data never was encrypted and perhaps there is no policy on this internally but realising how bad that sounds a "press release" has been issued.0 -
Join Date:Posts: 17390
Henry Ford III wrote: »Seems there are avenues open to seek redress and compensation.......
How is there avenue for compensation? What damages or losses have you financially sustained by this?0 -
Henry Ford III wrote: »Henry Ford III wrote: »Seems there are avenues open to seek redress and compensation.......
How is there avenue for compensation? What damages or losses have you financially sustained by this?
You have to prove that you suffered damges as a result, again how will you prove that your phone number was obtained by an unscrupulous person who then contacts you to scam money from you? I hardly give out my number yet in the last 2 days i received 3 calls from a number on the congo as has my work mate.
Edit: 2. Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.
This part is important too as it states that Eir may be liable if it didnt follow protocol, seems like they did up to an extent but id like to see how this plays out with the Data Protection Comissioner0 -
Advertisement
-
Henry Ford III wrote: »Seems there are avenues open to seek redress and compensation.......
How is there avenue for compensation? What damages or losses have you financially sustained by this?Just got the email today stating they had a breach and my information was among those lost. Yesterday was the end of my contract with Eir. Fitting end to a poor service. I hope they get a hefty fine from breaching GDPR. And if I start getting dodgy calls, emails I'll be in contact with them soon.
How will you prove any dodgy emails or calls came from their data breach of this laptop?0 -
This would not happen on Microsoft or MacOS, wouldn't happen either on most Linux distributions
Where does it say it was OS encryption stuff?There are no Microsft or MacOS updates that will unencrypt a disk, its complete lies!
Where does it say it was OS encryption stuff?there is one update that will crash in Windows 10 if disk is encrypted but it certainly wont dis-encrypt it.
Where does it say it was OS encryption stuff?Think of it like, how could a seperate update do this.. also if this were possible we'd have heard about it already!
telpis
Just for balance....
My laptop is encrypted at a HW layer, not at the OS.
The only update I can imagine impacting my encryption is a BIOS update, or disk firmware update.
One hypothetical could be that encryption was intentionally removed as a pre-step to some other update and either that update failed or the encryption was never redone at the end.
Another possibility is that the data never was encrypted and perhaps there is no policy on this internally but realising how bad that sounds a "press release" has been issued.0 -
Join Date:Posts: 17390
Non material damage is the lack of care of my personal data I'd have imagined.0 -
This would not happen on Microsoft or MacOS, wouldn't happen either on most Linux distributions
Where does it say it was OS encryption stuff?There are no Microsft or MacOS updates that will unencrypt a disk, its complete lies!
Where does it say it was OS encryption stuff?there is one update that will crash in Windows 10 if disk is encrypted but it certainly wont dis-encrypt it.
Where does it say it was OS encryption stuff?Think of it like, how could a seperate update do this.. also if this were possible we'd have heard about it already!
telpis
Just for balance....
My laptop is encrypted at a HW layer, not at the OS.
The only update I can imagine impacting my encryption is a BIOS update, or disk firmware update.
One hypothetical could be that encryption was intentionally removed as a pre-step to some other update and either that update failed or the encryption was never redone at the end.
Another possibility is that the data never was encrypted and perhaps there is no policy on this internally but realising how bad that sounds a "press release" has been issued.
Maybe a bunch of laptops did not have the encryption reapplied after whatever update roll out occurred.
That scenario would be covered by "a faulty security update" but would more correctly be 'a faulty security update procedure'.
This might be the more likely.0 -
Henry Ford III wrote: »Non material damage is the lack of care of my personal data I'd have imagined.
- physical pain suffered;
- mental anguish suffered, due to loss of amenity, disfigurement, defamation of reputation and honor, violation of freedom and personal rights, and
- death of a close relative.
Not being smart but not of the above has happened due your name,account number,contact number and email "possibly" being in the hands of thief. The thief in question is probably a low life looking to make a quick bit of money and would highly doubtedly have connections to sell peoples data to someone so they can then "attempt" to scam them by email or phone0 - physical pain suffered;
-
Advertisement
-
Join Date:Posts: 17390
Henry Ford III wrote: »Non material damage is the lack of care of my personal data I'd have imagined.- physical pain suffered;
- mental anguish suffered, due to loss of amenity, disfigurement, defamation of reputation and honor, violation of freedom and personal rights, and
- death of a close relative.
Not being smart but not of the above has happened due your name,account number,contact number and email "possibly" being in the hands of thief. The thief in question is probably a low life looking to make a quick bit of money and would highly doubtedly have connections to sell peoples data to someone so they can then "attempt" to scam them by email or phone
Eir have a duty of care over my data and have totally failed in that regard. We don't know the identity of the thief or what they could have done with my details.
I'm worried about it however.
Bingo.0 - physical pain suffered;
-
Henry Ford III wrote: »Henry Ford III wrote: »Non material damage is the lack of care of my personal data I'd have imagined.
- physical pain suffered;
- mental anguish suffered, due to loss of amenity, disfigurement, defamation of reputation and honor, violation of freedom and personal rights, and
- death of a close relative.
Not being smart but not of the above has happened due your name,account number,contact number and email "possibly" being in the hands of thief. The thief in question is probably a low life looking to make a quick bit of money and would highly doubtedly have connections to sell peoples data to someone so they can then "attempt" to scam them by email or phone
Eir have a duty of care over my data and have totally failed in that regard. We don't know the identity of the thief or what they could have done with my details.
I'm worried about it however.
Bingo.
Being worried about something doesnt fall under the Non-Material Damage definitions.
Duty of care yes but how the data was lost will be reviewed by DP commisioner and if found that they have failed in that regard by their own negligence Eir will be fined by them
Nothing stopping you contacting a solicitor though to try and take a case but id be of the opinion they will tell you that without any valid financial loss due to the loss of this data you wont any claim for compensation,not to mention anyone who has the data in question wont be able to cause you any financial loss because they are in possesion of it.
Reminder that Eir lost two laptops about 8 years ago with customers details on it under similar circumstances and i dont recall any cases being brought against them by the public to claim compensation and the rights of people under the data protection act then are pretty much the same under GDPR0 - physical pain suffered;
-
Thanks for the input, i think you're right with your two possibilities above, but from their statement "In this case the laptop had been decrypted by a faulty security update the previous working day, which had affected a subset of our laptops and has since been corrected." - it sounds as if they are telling us it was directly done by this update, which is of course lies. Having worked in IT Security for a number of years I realize that mistakes do happen but I do think that if a company blatantly lies to their customers it is important they are called out on this. The details of what was stolen wasn't all that bad and in my opinion is forgivable, what is not acceptable is the way eir has gone about explaining this.
oh, I agree. Any lies need to be called out for sure.
And my position has always been, that I dont believe the reasons given for lack of encryption and that this, to me, is (should be) the single focus of wrong doing.0 -
Join Date:Posts: 17390
Henry Ford III wrote: »Henry Ford III wrote: »Non material damage is the lack of care of my personal data I'd have imagined.- physical pain suffered;
- mental anguish suffered, due to loss of amenity, disfigurement, defamation of reputation and honor, violation of freedom and personal rights, and
- death of a close relative.
Not being smart but not of the above has happened due your name,account number,contact number and email "possibly" being in the hands of thief. The thief in question is probably a low life looking to make a quick bit of money and would highly doubtedly have connections to sell peoples data to someone so they can then "attempt" to scam them by email or phone
Eir have a duty of care over my data and have totally failed in that regard. We don't know the identity of the thief or what they could have done with my details.
I'm worried about it however.
Bingo.
Being worried about something doesnt fall under the Non-Material Damage definitions.
Duty of care yes but how the data was lost will be reviewed by DP commisioner and if found that they have failed in that regard by their own negligence Eir will be fined by them
Nothing stopping you contacting a solicitor though to try and take a case but id be of the opinion they will tell you that without any valid financial loss due to the loss of this data you wont any claim for compensation,not to mention anyone who has the data in question wont be able to cause you any financial loss because they are in possesion of it.
Reminder that Eir lost two laptops about 8 years ago with customers details on it under similar circumstances and i dont recall any cases being brought against them by the public to claim compensation and the rights of people under the data protection act then are pretty much the same under GDPR
"mental anguish or fear". It's in your own definition above. There's no need for a financial loss. Eir failed under their D.P. obligations and caused me fear because of it.
To me that's pretty clearcut.0 - physical pain suffered;
-
Henry Ford III wrote: »Henry Ford III wrote: »Henry Ford III wrote: »Non material damage is the lack of care of my personal data I'd have imagined.
- physical pain suffered;
- mental anguish suffered, due to loss of amenity, disfigurement, defamation of reputation and honor, violation of freedom and personal rights, and
- death of a close relative.
Not being smart but not of the above has happened due your name,account number,contact number and email "possibly" being in the hands of thief. The thief in question is probably a low life looking to make a quick bit of money and would highly doubtedly have connections to sell peoples data to someone so they can then "attempt" to scam them by email or phone
Eir have a duty of care over my data and have totally failed in that regard. We don't know the identity of the thief or what they could have done with my details.
I'm worried about it however.
Bingo.
Being worried about something doesnt fall under the Non-Material Damage definitions.
Duty of care yes but how the data was lost will be reviewed by DP commisioner and if found that they have failed in that regard by their own negligence Eir will be fined by them
Nothing stopping you contacting a solicitor though to try and take a case but id be of the opinion they will tell you that without any valid financial loss due to the loss of this data you wont any claim for compensation,not to mention anyone who has the data in question wont be able to cause you any financial loss because they are in possesion of it.
Reminder that Eir lost two laptops about 8 years ago with customers details on it under similar circumstances and i dont recall any cases being brought against them by the public to claim compensation and the rights of people under the data protection act then are pretty much the same under GDPR
"mental anguish or fear". It's in your own definition above. There's no need for a financial loss. Eir failed under their D.P. obligations and caused me fear because of it.
To me that's pretty clearcut.
You realise to prove this you will need to go to a doctor and have them independently assess you and confirm the fact that your name,account number,emal and phone number were lost and this has effected you to such an extent you live in a state of constant "fear" and it has adversely effected your life and have evidence to support this in a court case?
How are you living in fear by the way?0 - physical pain suffered;
-
Join Date:Posts: 17390
Henry Ford III wrote: »Henry Ford III wrote: »Henry Ford III wrote: »Non material damage is the lack of care of my personal data I'd have imagined.- physical pain suffered;
- mental anguish suffered, due to loss of amenity, disfigurement, defamation of reputation and honor, violation of freedom and personal rights, and
- death of a close relative.
Not being smart but not of the above has happened due your name,account number,contact number and email "possibly" being in the hands of thief. The thief in question is probably a low life looking to make a quick bit of money and would highly doubtedly have connections to sell peoples data to someone so they can then "attempt" to scam them by email or phone
Eir have a duty of care over my data and have totally failed in that regard. We don't know the identity of the thief or what they could have done with my details.
I'm worried about it however.
Bingo.
Being worried about something doesnt fall under the Non-Material Damage definitions.
Duty of care yes but how the data was lost will be reviewed by DP commisioner and if found that they have failed in that regard by their own negligence Eir will be fined by them
Nothing stopping you contacting a solicitor though to try and take a case but id be of the opinion they will tell you that without any valid financial loss due to the loss of this data you wont any claim for compensation,not to mention anyone who has the data in question wont be able to cause you any financial loss because they are in possesion of it.
Reminder that Eir lost two laptops about 8 years ago with customers details on it under similar circumstances and i dont recall any cases being brought against them by the public to claim compensation and the rights of people under the data protection act then are pretty much the same under GDPR
"mental anguish or fear". It's in your own definition above. There's no need for a financial loss. Eir failed under their D.P. obligations and caused me fear because of it.
To me that's pretty clearcut.
You realise to prove this you will need to go to a doctor and have them independently assess you and confirm the fact that your name,account number,emal and phone number were lost and this has effected you to such an extent you live in a state of constant "fear" and it has adversely effected your life and have evidence to support this in a court case?
How are you living in fear by the way?
You do in your hole.
If you are worried about something it doesn't necessarily affect your physical or mental health. In this instance I'm worried that my data has been accessed and might be used by 3rd parties.
That doesn't require me coming out in spots or visiting my G.P. for depression.0 - physical pain suffered;
-
Henry Ford III wrote: »Henry Ford III wrote: »Henry Ford III wrote: »Henry Ford III wrote: »Non material damage is the lack of care of my personal data I'd have imagined.
- physical pain suffered;
- mental anguish suffered, due to loss of amenity, disfigurement, defamation of reputation and honor, violation of freedom and personal rights, and
- death of a close relative.
Not being smart but not of the above has happened due your name,account number,contact number and email "possibly" being in the hands of thief. The thief in question is probably a low life looking to make a quick bit of money and would highly doubtedly have connections to sell peoples data to someone so they can then "attempt" to scam them by email or phone
Eir have a duty of care over my data and have totally failed in that regard. We don't know the identity of the thief or what they could have done with my details.
I'm worried about it however.
Bingo.
Being worried about something doesnt fall under the Non-Material Damage definitions.
Duty of care yes but how the data was lost will be reviewed by DP commisioner and if found that they have failed in that regard by their own negligence Eir will be fined by them
Nothing stopping you contacting a solicitor though to try and take a case but id be of the opinion they will tell you that without any valid financial loss due to the loss of this data you wont any claim for compensation,not to mention anyone who has the data in question wont be able to cause you any financial loss because they are in possesion of it.
Reminder that Eir lost two laptops about 8 years ago with customers details on it under similar circumstances and i dont recall any cases being brought against them by the public to claim compensation and the rights of people under the data protection act then are pretty much the same under GDPR
"mental anguish or fear". It's in your own definition above. There's no need for a financial loss. Eir failed under their D.P. obligations and caused me fear because of it.
To me that's pretty clearcut.
You realise to prove this you will need to go to a doctor and have them independently assess you and confirm the fact that your name,account number,emal and phone number were lost and this has effected you to such an extent you live in a state of constant "fear" and it has adversely effected your life and have evidence to support this in a court case?
How are you living in fear by the way?
You do in your hole.
If you are worried about something it doesn't necessarily affect your physical or mental health. In this instance I'm worried that my data has been accessed and might be used by 3rd parties.
That doesn't require me coming out in spots or visiting my G.P. for depression.
Right so explain to me how you will get compensation?
Just fire off an email to Eir saying your worried and bam they send you a cheque?
What world are you living in? In fact i ask you to start a thread in the legal discussion forum and ask them in cases like how likely is it for someone to receive compensation based on "fear" of 3rd parties have inconsequential data about you
Also i never mentioned depression or "spots" but without any evidence it is effecting you in a significant way you wont get anywhere0 - physical pain suffered;
-
-
Many traveeling sales men have laptops and lots and lots of customers data on it, clients,their orders,locations etc, i still dont know why you can understand why a work laptop would be off site.....also they are not oblidged to tell you either other than to let you know what happened
Why would someone in sales need customers' details? They should be getting new customers0 -
Many traveeling sales men have laptops and lots and lots of customers data on it, clients,their orders,locations etc, i still dont know why you can understand why a work laptop would be off site.....also they are not oblidged to tell you either other than to let you know what happened
Why would someone in sales need customers' details? They should be getting new customers0 -
Advertisement
-
Any task that would normally be performed on the data while "at work" can be performed on the data while "not at work".
As I mentioned, that is only 1 scenario where the data would be validly stored on a laptop. There are other scenarios.
It sounds to me that your main point is that no one should be working outside of the office, thereby not ever taking a laptop outside of the office.
This is an unrealistic position to have in the modern world.
Even if it were the case, there will be situations where the data is still on a laptop and by it's nature of being portable, may be in a public place.
My main point is that anyone who would be working from home, or working on the road would have no need for a list of customer contact details. This is basic stuff.0 -
-
Not always, they have a list of current clients whos needs they meet every month, they could also be their point of contact, they may also need to contact them to advise of new products and services that may be of use to them. Plenty of reasons
Given the number of customers' details that are lost, it would be likely they are personal customers. They definitely don't have a point of contact (and probably find it very difficult to contact anyone in eir) and only get new product details by post or email.
OK, maybe they worked in marketing and were about to do a mailmerge. Guess that answers my question.0 -
Join Date:Posts: 17390
[*]
Right so explain to me how you will get compensation?
Just fire off an email to Eir saying your worried and bam they send you a cheque?
What world are you living in? In fact i ask you to start a thread in the legal discussion forum and ask them in cases like how likely is it for someone to receive compensation based on "fear" of 3rd parties have inconsequential data about you
Also i never mentioned depression or "spots" but without any evidence it is effecting you in a significant way you wont get anywhere
A solicitor specialising in the D.P. area is taking the case on a no foal/no fee basis.
He says it's a no brainer. Might drag out a bit but there's no doubt that Eir are liable. The quantum remains to be seen but he wouldn't take it on unless it'd pay him presumably?0 -
I've never worked in a large corporation that operated the way you describe.
It's always been the case that non "Standard Operating Environments" were blocked from accessing the corporate network for fear of malicious software.0 -
Henry Ford III wrote: »[*]
A solicitor specialising in the D.P. area is taking the case on a no foal/no fee basis.
He says it's a no brainer. Might drag out a bit but there's no doubt that Eir are liable. The quantum remains to be seen but he wouldn't take it on unless it'd pay him presumably?
Grand and will all other 37k customers be taking separate cases as well?
I find it hard to tell if you're being sincere or not but either way I'm done discussing this as I've said all I can on the subject0 -
Join Date:Posts: 17390
Henry Ford III wrote: »[*]
A solicitor specialising in the D.P. area is taking the case on a no foal/no fee basis.
He says it's a no brainer. Might drag out a bit but there's no doubt that Eir are liable. The quantum remains to be seen but he wouldn't take it on unless it'd pay him presumably?
Grand and will all other 37k customers be taking separate cases as well?
I find it hard to tell if you're being sincere or not but either way I'm done discussing this as I've said all I can on the subject
1/. No idea.
2/. Great.0 -
Any task that would normally be performed on the data while "at work" can be performed on the data while "not at work".
As I mentioned, that is only 1 scenario where the data would be validly stored on a laptop. There are other scenarios.
It sounds to me that your main point is that no one should be working outside of the office, thereby not ever taking a laptop outside of the office.
This is an unrealistic position to have in the modern world.
Even if it were the case, there will be situations where the data is still on a laptop and by it's nature of being portable, may be in a public place.
My main point is that anyone who would be working from home, or working on the road would have no need for a list of customer contact details. This is basic stuff.
I really don't see what qualifies you to say that.
I mean that's such a large leap of assumption that you'd have to be working in Eir and be intimately familiar with the data and person who lost the laptop to be able to say "they had no business having that data".
There are thousands of potential legitimate uses for customer data, and I would agree thousands of illegitimate uses of the same data.
I don't see how you can jump to the conclusion that it must be one of the illegitimate uses.
For example, it could be a database dump that was provided to the person to cross reference against another data set to highlight pre-sales opportunities.
This sort of thing goes on all the time.0 -
-
Advertisement
-
Seth Brundle wrote: »Remember that Class Actions are permitted under the Regulation but the right is there for each of the 37k "victims" to independently look for redress.
Again though they would need to prove damages and not potentional damages. I also doubt a judge will entertain the idea that 37k people will live in fear because their email address was stolen0
Advertisement