
Bord Gais stolen laptops

  • 17-06-2009 5:39pm
    #1
    Registered Users, Registered Users 2 Posts: 3,835 ✭✭✭


    Looks like I'll have to close my bank account, and all my direct debits, and restart all my direct debits in a new account, due to account details being stolen from Bord Gais.



Comments

  • Registered Users, Registered Users 2 Posts: 1,389 ✭✭✭Thanos


    horse7 wrote: »
    Looks like I'll have to close my bank account, and all my direct debits, and restart all my direct debits in a new account, due to account details being stolen from Bord Gais.

    Really?!?!? What are you basing this on?

    There is no information yet that the data has been used in this way.
    Also, as it was lost by Bord Gais, who do you think would be liable for any loss to your account...?


  • Closed Accounts Posts: 15,515 ✭✭✭✭admiralofthefleet


    Here is a link from RTE, I'm very worried as I have everything on DD


  • Closed Accounts Posts: 3,683 ✭✭✭Kensington


    Overreacting much?

    The only direct debit details they'd have is the one between yourself and Bord Gais. As for your banking details, what can they do with them? Presumably you only gave them bank account number and branch sort code - not credit/debit card numbers...


  • Registered Users, Registered Users 2 Posts: 7,971 ✭✭✭_Whimsical_


    There's a chance that details on stolen laptops may have been sold onto criminal gangs outside of Ireland in Russia or China. More than likely though it was an opportunistic robbery and all details on the laptops were immediately deleted so the laptops could be sold in Ireland. I don't think you need to cancel anything immediately. Just be vigilant and keep an eye on your account until you know more.


  • Registered Users, Registered Users 2 Posts: 7,971 ✭✭✭_Whimsical_


    Kensington wrote: »
    Overreacting much?

    The only direct debit details they'd have is the one between yourself and Bord Gais. As for your banking details, what can they do with them? Presumably you only gave them bank account number and branch sort code - not credit/debit card numbers...

    According to the Deputy Data Protection Commissioner, in the wrong hands these details are enough to put you at considerable risk of identity theft or bank withdrawals. I thought it would be less serious but I presume he should know best.


  • Closed Accounts Posts: 3,683 ✭✭✭Kensington


    Any fraudulent activity, should it happen, will ultimately end up being covered by the bank. As you mention though, I'd say these laptops were nothing but a "chance" robbery where they'll simply be wiped, reloaded with a fresh copy of Windows and flogged on as second hand. Anyone suggesting you need to go changing your bank account or cards at this stage, is simply overreacting.


  • Registered Users, Registered Users 2 Posts: 3,835 ✭✭✭horse7


    Well, they have your name, address, bank sort code, bank account, and with these details they can set up a direct debit from your bank account, and I don't see Bord Gais covering the bill. There's nothing on the Bord Gais web site, and there are no statements from them saying they will cover any illegal d.debits. By the way, the laptops were stolen 2 weeks ago.


  • Registered Users, Registered Users 2 Posts: 2,843 ✭✭✭Arciphel


    If you're that worried, then just open a new account and transfer your cash in there for a few weeks until it either blows over or they recover the laptops (not very likely :rolleyes:).

    I am a bit pissed off that Bord Gais kept their traps shut about this using the excuse that a garda investigation was underway - bad PR I think, would have been far better to come clean immediately.


  • Registered Users, Registered Users 2 Posts: 5,513 ✭✭✭Sleipnir


    I'm amazed that the banking details of 75,000 people could be kept on an unencrypted laptop. How could a company like Bord Gais allow that?!?!?


  • Registered Users, Registered Users 2 Posts: 2,843 ✭✭✭Arciphel


    Because they are obviously complete mongos. But as usual, nothing will be done about it.


  • Closed Accounts Posts: 20,373 ✭✭✭✭foggy_lad


    Sleipnir wrote: »
    I'm amazed that the banking details of 75,000 people could be kept on an unencrypted laptop. How could a company like Bord Gais allow that?!?!?
    The same way the HSE and banks can do it!


  • Registered Users, Registered Users 2 Posts: 4,503 ✭✭✭smelltheglove


    A few years back there were laptops stolen from the government, at the time I was receiving lone parents, before I met my husband. It wasn't until 2 or 3 years later that I received a letter to confirm that all of my details were on one of those stolen laptops.

    I have never had any funny activity on my bank accounts, and they had details of both of my bank accounts, and nothing has ever come from it.

    I know you may want to be safe but I don't think there is a huge risk, most likely opportunists.


  • Closed Accounts Posts: 497 ✭✭Honda08


    horse7 wrote: »
    Looks like I'll have to close my bank account, and all my direct debits, and restart all my direct debits in a new account, due to account details being stolen from Bord Gais.


    Is John Mullins still the cx of Bord Gais? I want to send him a strongly worded email but I'm not sure what the email addy is, is it @bge.ie or bordgais.ie?

    I tried both and the email bounced back as unknown...


  • Registered Users, Registered Users 2 Posts: 3,835 ✭✭✭horse7


    Re: "A few years back there were laptops stolen from the government, at the time I was receiving lone parents." That was the government giving you money; with these details someone can take money off you, and you don't know till you read a bank statement.


  • Closed Accounts Posts: 1 DarrenLaois


    I just talked to the Bord Gais support on the phone, they cannot say at the moment who is affected by this, but will let everyone who has had their details stolen know by next Wednesday or Thursday at the latest. AMAZING!!!


  • Registered Users, Registered Users 2 Posts: 3,835 ✭✭✭horse7


    Did they say they will cover any inappropriations?


  • Registered Users, Registered Users 2 Posts: 5,513 ✭✭✭Sleipnir


    horse7 wrote: »
    Did they say they will cover any inappropriations?


    Are your inappropriations showing?


  • Registered Users, Registered Users 2 Posts: 456 ✭✭twenty8


    Here is the official statement from Bord Gais.
    http://alturl.com/rq48

    There is little chance that this data can be used by anyone. Chances are that the laptop was robbed by kids and all data deleted within hours and then the laptop sold on. I am sure that Bord Gais said nothing because if they had then the thieves may become aware that they had something valuable and then an entirely different issue would have happened.

    Keep an eye on your account and if something happens then contact your bank straight away. But very unlikely that anything would. Bord Gais are very responsible and I am sure they have more of the facts than we have.


  • Registered Users, Registered Users 2 Posts: 1,350 ✭✭✭skywalker_208


    This is a disgrace!
    Anyone know how to switch to Airtricity?

    I cannot understand why all these companies and government departments have this kind of information on laptops! Why isn't this information stored on servers in secure comms rooms?????


  • Closed Accounts Posts: 10,272 ✭✭✭✭Max Power1


    Here's the link to Airtricity change over site

    airtricity


  • Registered Users, Registered Users 2 Posts: 19,340 CMod ✭✭✭✭Davy


    Max Power1 wrote: »
    Here's the link to Airtricity change over site

    airtricity

    It would be very interesting to see how many actually switch over because of this. Chances are fraud transactions won't happen but no one likes taking chances when it comes to their cash


  • Registered Users, Registered Users 2 Posts: 38,247 ✭✭✭✭Guy:Incognito


    horse7 wrote: »
    Well, they have your name, address, bank sort code, bank account, and with these details they can set up a direct debit from your bank account, and I don't see Bord Gais covering the bill. There's nothing on the Bord Gais web site, and there are no statements from them saying they will cover any illegal d.debits. By the way, the laptops were stolen 2 weeks ago.

    And yet people managed to shop for years with cheques.

    Every cheque had the account number and sort code plus the person's name (and a copy of their signature). A lot of places took contact details too. details


    People nowadays have this belief that once someone gets a hold of your 8 digit account number, they have the keys to your life.


  • Closed Accounts Posts: 16,713 ✭✭✭✭jor el


    I cannot understand why all these companies and government departments have this kind of information on laptops! Why isn't this information stored on servers in secure comms rooms?????

    That's what I thought too, after the last few incidents of laptops being stolen. There shouldn't be details of anyone, let alone 75,000 customers, on a laptop. There's absolutely no need for it whatsoever.
    Stekelly wrote: »
    and yet people managed to shop for years with cheques.

    And they give out their banking details, address and signature to strangers on the street just because they have a charity ID badge that I could print and laminate with my €12 Aldi laminator. Oh and a clip-board and high-vis jacket, every con-man's best friend. You can do anything as long as you have a high-vis jacket and a clip-board.


  • Closed Accounts Posts: 6,123 ✭✭✭stepbar


    God people get excited over awful stupid things :rolleyes:


  • Registered Users, Registered Users 2 Posts: 12,689 ✭✭✭✭TheDriver


    Wonder what airtricity have done with the stolen laptops..............(thinking some more conspiracy theories here....)


  • Registered Users, Registered Users 2 Posts: 270 ✭✭Fnergg


    I find it incredible that Bord Gais with all their purported media savvy attributes - their presence on YouTube, their Twitter account, their courting of the Irish blogosphere in the lead up to their launch into the domestic market back in February, etc., - should have been so STUPID - as to have confidential details of 75,000 (!!!!) customers on an unencrypted laptop.

    On a bloody laptop! What the hell was the data doing there? And unencrypted!

    Clearly, there is a wide gulf - nay, a veritable chasm - between their marketing froth and the reality on the ground.

    I wouldn't trust those bozos as far as I could throw them.

    Regards,

    Fnergg


  • Closed Accounts Posts: 32 Mickelodian


    ER.... bank details ehh?

    "The incident occurred early on Friday 5 June when the Bord Gáis offices in Dublin and a number of adjacent offices were burgled."


    and

    "the information did relate in part to people who recently switched over from the ESB in the company's Big Switch " From RTE.ie

    okay....erm... would that be credit card details? and perhaps even the three numbers on the back of the card?... or are we talking just bank account details?

    Do Bord gas take credit cards on their website? If they do are a large chunk of 75,000 people now canceling their credit cards?

    If I had used that big switch I'd be hoping my next credit card bill didn't include a nice expensive bag of diamonds or something....bought while presumably in Amsterdam...

    What was a copy of 75,000 customers' bank details doing on a bloody laptop anyway?... are they carrying our stuff around on usb sticks too??? Man....let's hope those burglars are just after a quick resell for drugs or something...


  • Closed Accounts Posts: 3,683 ✭✭✭Kensington


    Certainly, it needs to be seriously looked at as to why customer details are stored on a laptop, never mind unencrypted or the fact there were 75,000 customers!!! You would have thought after the bank fiasco last year, every company would have made it priority number one to clamp down on security. The banks have learned from their mistakes with a complete overhaul of laptop security and how data is stored. Confidential data should never be stored on laptops or USB keys, but encrypted on back-end servers. Anyone requiring access should then be able to securely tunnel in remotely and access the data securely.

    However, there is no need for anyone to be resorting to drastic actions like closing / cancelling either direct debits or accounts.


  • Registered Users, Registered Users 2 Posts: 456 ✭✭twenty8


    There is no credit card data - it would all be bank account information as someone said was always on the bottom of cheques!!

    Not sure if Airtricity is completely innocent either - did they not have an incident a while back where all their customers' data was available on their website??


  • Registered Users, Registered Users 2 Posts: 10,992 ✭✭✭✭partyatmygaff


    What's the fuss about like?

    Let's say I work as a sales rep for whatever and get paid by cheque. I ask for Name address phone etc

    So now I have their full name, their address, their phone and their sort code and bank A/C no.

    Does this mean I can waltz up into their bank and make a withdrawal from their account?

    No


    An A/C no and sort code is quite surprisingly not enough to make a withdrawal.


  • Registered Users, Registered Users 2 Posts: 270 ✭✭Fnergg


    What's the fuss about like?

    Let's say I work as a sales rep for whatever and get paid by cheque. I ask for Name address phone etc

    So now I have their full name, their address, their phone and their sort code and bank A/C no.

    Does this mean I can waltz up into their bank and make a withdrawal from their account?

    No


    An A/C no and sort code is quite surprisingly not enough to make a withdrawal.


    Jeremy Clarkson in the Sunday Times made the same point last year and proceeded to publish his bank account number and Sorting Code. Somebody successfully set up a Standing Order on his account.

    Regards,

    Fnergg


  • Registered Users, Registered Users 2 Posts: 481 ✭✭discostu1


    I'd forgotten about Mr Clarkson, for those who think "this is of no consequence" have a read. Thankfully we live in a country with a high level of regulation of the banking industry and NEVER have any issues with the quality of those employed or the standards they bring to the workplace :D

    http://news.bbc.co.uk/2/hi/entertainment/7174760.stm


  • Registered Users, Registered Users 2 Posts: 1,350 ✭✭✭skywalker_208


    who will be responsible if any money is taken from bank accounts because of this fiasco? Bord Gais? I doubt they will cover it!


  • Registered Users, Registered Users 2 Posts: 1,105 ✭✭✭db


    This was not just one breach of security - there are at least four measures that should have been in place
    1 The data should not have been on the laptop.
    2 The laptop should have been encrypted regardless of whether there was sensitive information on it.
    3 The laptops should have been physically secured with Kensington locks.
    4 Building security should not have allowed the theft to occur.

    If ANY of these measures had been in place there would be no problem. Bord Gais are saying that all laptops are now encrypted - what a joke. The HSE thought that all their laptops were encrypted until some were stolen this week and it turned out that one of them wasn't encrypted.

    I use a laptop for work and if I was found to have sensitive customer data on it I would be fired. If I leave it unlocked on my desk it will be removed by security and my department head informed.

    To those that say "What's the fuss about", a criminal who knows what they are doing doesn't need much to get into your accounts. If the person who stole these laptops knows what they have, the data will be in Eastern Europe or India by now.


  • Site Banned Posts: 5,904 ✭✭✭parsi


    Fnergg wrote: »
    I find it incredible that Bord Gais with all their purported media savvy attributes - their presence on YouTube, their Twitter account, their courting of the Irish blogosphere in the lead up to their launch into the domestic market back in February, etc., - should have been so STUPID - as to have confidential details of 75,000 (!!!!) customers on an unencrypted laptop.

    On a bloody laptop! What the hell was the data doing there? And unencrypted!

    Clearly, there is a wide gulf - nay, a veritable chasm - between their marketing froth and the reality on the ground.

    I wouldn't trust those bozos as far as I could throw them.

    Regards,

    Fnergg

    Hmm. We've BGE dealing dodgily with laptops, ESB sending out solicitors' letters, Lord knows what Airtricity's scandal will turn out to be.

    Basic fact is that companies don't care about your info.


  • Closed Accounts Posts: 32 Mickelodian


    Okay... so a lot of money was spent for people to change from using one state service they 'own' to another state service they 'own' and get a couple of bob off the bill... that in itself is a waste of public money..

    think of all the money spent on those fancy smancy ads with lucy whatsherhead! and a new website and all the money they spent in the papers etc.

    We are paying to move our account to a cheaper alternative all within the one company Ireland & Co.

    Now we find that two state agencies who incidentally can't even get people moved from one organisation to another because they have compatibility issues (that's why you're all still waiting for this big switch btw)

    Now we find out that some idiot leaves all the customers' bank details on a laptop which is then 'coincidentally' stolen during a burglary... this is all very James Bond...

    I've had enough of this... If I'm switching it'll be to Airtricity... at least if they screw up like this I can sue!

    With a semi state there will be an enquiry so that the evidence can't be used in a real court and the civil servants can keep their job regardless of their incompetence and then there would be talking in meetings for three years and all sorts of shenanigans..

    If a private company screw up you just take them to court and do them for damages and whatnot.


  • Closed Accounts Posts: 1,178 ✭✭✭dade


    chilly wrote: »
    According to the Deputy Data Protection Commissioner in the wrong hands these details are enough to put you at considerable risk of identity theft or bank withdrawals.I thought it would be less serious but I presume he should know best.


    someone having access to your account detail can be a serious risk, but all you have to do is carefully monitor all transactions of your account and contact your bank if there are irregularities.

    my personal opinion of the DPC is that they are inefficient, haven't a clue and have no powers to do anything. that's why no one was held accountable when social welfare information went missing on laptops and USB keys in the last few years, same when the banks notified of breaches, in one case i think almost a year or more passed before the customers received notice.

    The fact is that data protection has no clue what they can or can't do. I sent them an email recently on the powers they have for prosecution and I was told that they had no power to directly prosecute, that they refer the matter to the court. Someone else was told they do have the power to directly prosecute, but prefer to let the "embarrassment" of a known breach be punishment enough. They feel that if a company loses data customers will be P'd off and leave and that company will then have to improve their practices. All well and good in theory but when the company doesn't have to actually inform the customer then it might be hard for the customer to move because of a breach.
    chilly wrote: »
    There's a chance that details on stolen laptops may have been sold onto criminal gangs outside of Ireland in Russia or China. More than likely though it was an opportunistic robbery and all details on the laptops were immediately deleted so the laptops could be sold in Ireland. I don't think you need to cancel anything immediately. Just be vigilant and keep an eye on your account until you know more.

    I did my thesis on mobile device data breaches. The vast majority of laptop thefts are opportunistic: it's stolen, wiped and used by the thief or hocked so they can get a quick hit or sold down the pub.
    Sleipnir wrote: »
    I'm amazed that the banking details of 75,000 people could be kept on an unencrypted laptop. How could a company like Bord Gais allow that?!?!?

    Ask Bank of Ireland, AIB, various government departments. the truth is that there is no requirement under Irish or EU law for data to be encrypted on mobile devices under current data protection legislation. all they have to do is take reasonable measures to protect that data, but those measures are not defined.
    twenty8 wrote: »

    There is little chance that this data can be used by anyone. Chances are that the laptop was robbed by kids and all data deleted within hours and then the laptop sold on. .
    I would think this is the case. I'd say it's an opportunistic theft by a kid/junkie/scummer that saw a window open and saw a chance for a quick few quid
    twenty8 wrote: »
    I am sure that Bord Gais said nothing because if they had then the thieves may become aware that they had something valuable and then an entirely different issue would have happened.

    .

    Under current Irish law there is no requirement for a company to inform a customer of a data breach, unlike in the US in which 44 states have data breach notification laws (but no one Federal law). That's why when I think Bank of Ireland misplaced a few laptops no one was told for months/years except the data protection commission, same when the blood transfusion service had a laptop stolen in NYC. I believe Dermot Ahern was looking into mandatory notification but that process only began early this year.


  • Registered Users, Registered Users 2 Posts: 21,499 ✭✭✭✭Alun


    Stekelly wrote: »
    People nowadays have this belief that once someone gets a hold of your 8 digit account number, they have the keys to your life.
    Not only that, but in large swathes of continental Europe it's commonplace to pay many debts by direct payment to people's bank accounts, and you need all their bank details to do that, sometimes including their address. Needless to say it's not a problem there so neither should it be here.


  • Closed Accounts Posts: 1,178 ✭✭✭dade


    db wrote: »
    This was not just one breach of security - there are at least four measures that should have been in place
    1 The data should not have been on the laptop.
    2 The laptop should have been encrypted regardless of whether there was sensitive information on it.
    3 The laptops should have been physically secured with Kensington locks.
    4 Building security should not have allowed the theft to occur.
    .

    Who says they should have? There is no requirement under law for any of the above. Granted, all the above are within the bounds of good practice for securing data on devices; only companies that are required to comply with the likes of SOX, SAS 70, ISO etc would have to employ the first three of these measures.

    Like I said it is good practice, one I have implemented long ago in the company I work in and one I have put forward in my thesis for the protection of portable devices.

    The problem is, like I said, businesses do not HAVE to do any of this and that's why time and again we see this happening. I mean the day before we hear of 15 laptops stolen from the HSE, granted 13 were encrypted, but this isn't the first time that the gov has experienced a mobile data breach and many ministers during Dail sessions have said that their departments are implementing such measures and that was mid to late last year.
    db wrote: »
    If ANY of these measures had been in place there would be no problem. Bord Gais are saying that all laptops are now encrypted - what a joke. The HSE thought that all their laptops were encrypted until some were stolen this week and it turned out that one of them wasn't encrypted..

    Actually encryption is only good if the laptop is powered off; once powered on and the encryption key entered then you only have to access the OS security. Also it depends on if full or partial disk encryption is used: if only partial disk encryption is used then only some data is protected, the hard drive can be taken out of the laptop and plugged into a small USB chassis and the data that has not been encrypted read straight off it.

    A bolt cutters will solve the problem of your Kensington lock, also the lock is attached to a slit on the laptop that is made of plastic, so could be broken off unless it's one of those metal loops that's stuck on.
    db wrote: »
    I use a laptop for work and if I was found to have sensitive customer data on it I would be fired. If I leave it unlocked on my desk it will be removed by security and my department head informed..
    I fear your business is the exception rather than the rule. Is it in the financial sector? Must you comply with SOX?


    Also in this article it claims that only 2% of breaches lead to identity fraud

    http://www.techdirt.com/articles/20051024/0443257.shtml


    Some examples of recent breaches:

    Bank of Ireland:
    Account information, addresses, and medical information of 10,000 on stolen laptops
    They waited about a year to tell data protection about it.
    http://datalossdb.org/incidents/963-account-information-addresses-and-medical-information-of-10-000-on-stolen-laptops


    Ireland Department of Social and Family Affairs
    Stolen laptop contains personal information for 380,000
    http://datalossdb.org/incidents/1084-stolen-laptop-contains-personal-information-for-380-000

    Northern Ireland Department Human Resources:
    Stolen laptop contained names, addresses, insurance numbers, dates of birth and bank account details 30000 records
    http://datalossdb.org/incidents/2093-stolen-laptop-contained-names-addresses-insurance-numbers-dates-of-birth-and-bank-account-details

    Bank of Ireland:
    Missing USB key with 894 customer account numbers, names and addresses
    http://datalossdb.org/incidents/1188-missing-usb-key-with-894-customer-account-numbers-names-and-addresses

    Irish blood transfusion service
    laptop and CD with 175000 records stolen in NYC

    http://www.independent.ie/business/technology/firms-need-to-open-up-to-laptop-theft-1322894.html


  • Closed Accounts Posts: 16,713 ✭✭✭✭jor el


    Fnergg wrote: »
    Jeremy Clarkson in the Sunday Times made the same point last year and proceeded to publish his bank account number and Sorting Code. Somebody successfully set up a Standing Order on his account.

    Regards,

    Fnergg

    Yes, but the only reason the direct debit was allowed to go through, was because of the flaws that are inherent in that system. Signatures or proof are not required, mainly because if it's found that the direct debit is wrong, the bank must cover the loss to the customer.

    A criminal would find it hard to set up direct debits, as it's not as simple as just giving the two bank accounts and hey presto, all the money goes through. In Clarkson's case, someone set up a direct debit using his details, with the proceeds going to a registered charity that had direct debit capability. This is NOT the same thing as a criminal stealing money from your account.
    who will be responsible if any money is taken from bank accounts because of this fiasco? Bord Gais? I doubt they will cover it!

    BG will have to be liable, and if in the unlikely event that your details are used, you can sue them. Get a good solicitor if it happens to you.


  • Closed Accounts Posts: 1,571 ✭✭✭Mailman


    security procedures in place in my company for laptops:
    kensington lock
    bios password
    long non dictionary mixed cased alphanumeric password
    nothing kept on laptop hard drive.
    everything kept on network.
    security card needed to log on to network.
    really important stuff kept in vault locations and really important systems in DMZs.
    security officer in place.
    regular patching of all clients and servers.......
    and I don't even work with particularly valuable or sensitive data.

    if a thief can figure out who I am, where I work and get past all of that security they've earned the right to steal the data.

    and bord gais? unencrypted data stored locally on an unsecured laptop.


  • Closed Accounts Posts: 1,571 ✭✭✭Mailman


    BTW. I appear to be one of the 75,000 who had their bank details stolen.

    In the last 8 months I've been in contact with the data protection commissioner on another issue with a Company in the state where the Company was in breach of the Data Protection Act. I only recently got acknowledgement from them that the Company has now changed policy to comply with the data protection act. The breach was a very basic one that was obviously completely unacceptable but it still took eight months to get it corrected. The company was not punished and no negative publicity will be seen in the media. The company appeared to be very nonchalant in their dealings with the data protection commissioner. The Commissioner commands no respect.


  • Closed Accounts Posts: 1,178 ✭✭✭dade


    Mailman wrote: »

    kensington lock.
    Bolt cutters, but a good deterrent for opportunistic theft

    Mailman wrote: »
    bios password.
    I believe removing the CMOS battery and power may remove this. At least it did back in the day. Also plugging the hard drive into an external chassis will bypass the BIOS and make the data readable unless encrypted.
    Mailman wrote: »
    long non dictionary mixed cased alphanumeric password.
    Above USB chassis will negate the effectiveness of this, but good practice.
    Mailman wrote: »
    nothing kept on laptop hard drive.
    everything kept on network..
    difficult to enforce in my experience. but a good policy

    Mailman wrote: »
    and bord gais? unencrypted data stored locally on an unsecured laptop.
    Even if it was encrypted it's no guarantee of protection. I did my thesis on data breaches on mobile devices, a number of articles I read said that some users disable the encryption, or in one case in the US a government department hadn't encrypted the laptops properly so they were not protected.

    Hell, one report carried out in US airports cited a number of individuals that left their laptop under the watchful eye of an unknown fellow passenger while they went for a leak.


  • Closed Accounts Posts: 1,178 ✭✭✭dade


    Mailman wrote: »
    The breach was a very basic one that was obviously completely unacceptable but it still took eight months to get it corrected. The company was not punished and no negative publicity will be seen in the media. The company appeared to be very nonchalant in their dealings with the data protection commissioner. The Commissioner commands no respect.

    Yep, that was a conclusion I drew in my thesis, they have no real power because there are no mandatory laws other than "take reasonable measures to protect"


  • Closed Accounts Posts: 3,418 ✭✭✭Jip


    Plain and simply, as has been said, there should be no sensitive data stored on any local devices, it should have all been on servers.


  • Registered Users, Registered Users 2 Posts: 6,465 ✭✭✭MOH


    Davy wrote: »
    it would be very interesting to see how many actually switch over because of this. Chances are fraud transactions won't happen but no one likes taking chances when it comes to their cash

    I was already thinking of going to Airtricity after they took so long to process my switch, this is the last straw. Great FAQ they have:
    Were the laptops not encrypted?
    All of the laptops had levels of security on them – however only one of them had hard drive encryption – the remaining three had password protection.
    So, "no", then.


  • Registered Users, Registered Users 2 Posts: 1,105 ✭✭✭db


    Any form of security can be broken but each acts as a deterrent. As you say a bolt cutters will cut a Kensington lock but an opportunistic thief probably wouldn't have one in his pocket. Internal procedures on having customer data on laptops can be enforced with regular audits and disciplinary measures. Properly secured database access will prevent users running ad hoc reports to import data into Excel.

    I'm a developer not a security expert but in my company there are strict controls over who has access to live data. The response from Bord Gais to this incident shows that they still don't "get it" when it comes to data security.


  • Closed Accounts Posts: 1,178 ✭✭✭dade


    db wrote: »
    Any form of security can be broken but each acts as a deterrent. As you say a bolt cutters will cut a Kensington lock but an opportunistic thief probably wouldn't have one in his pocket.

    agreed and again that's one of our conclusions you make it less likely for the device to be stolen, use non standard laptop bags etc.
    db wrote: »
    Internal procedures on having customer data on laptops can be enforced with regular audits and disciplinary measures. Properly secured database access will prevent users running ad hoc reports to import data into Excel.
    but are companies doing this? articles I read during my research found that in the majority of cases no one is held accountable for a breach be it internally or through prosecution. IIRC I can recall only two cases, both in the UK. one manager was sacked coz his laptop was stolen from his car. and one company was fined a fair bit in the UK by the financial regulator. I agree that there should be controls in place to prevent sensitive data leaving the network if not encrypted.

    db wrote: »
    I'm a developer not a security expert but in my company there are strict controls over who has access to live data. The response from Bord Gais to this incident shows that they still don't "get it" when it comes to data security.
    Bord Gais are not the only ones, I worked in many firms that kept private data on portable devices and even though I suggested encryption it was deemed as unnecessary even after a break in and laptop theft.

    some businesses just don't understand the repercussions of a breach, as a developer you know about the man hours needed to develop your product, a lot of companies don't factor that into the cost of the breach, in the case of Boeing they had documents stolen by an employee, something to do with aircraft specs, proposals etc they valued the data at 380 million if it had got into the hands of their competitors. I assume that's through lost revenue/sales and previous expenditure in getting the projects to that stage.

    Even encryption isn't foolproof when you have reports of IT managers disabling the encryption or putting stickers on the laptop with the password on it.

    I think the best tool of all is user education. teach them about the risks involved. I mean all these laptops were stolen from a building. So as was said by others desk locks are a great deterrent for all but the most determined. my point about bolt cutters is just that if the thief is determined then they will find a way.


  • Closed Accounts Posts: 32 Mickelodian


    Okay... so a lot of money was spent for people to change from using one state service they 'own' to another state service they 'own' and get a couple of bob off the bill... that in itself is a waste of public money..

    think of all the money spent on those fancy smancy ads with lucy whatsherhead! and a new website and all the money they spent in the papers etc.

    We are paying to move our account to a cheaper alternative all within the one company Ireland & Co.

    Now we find that two state agencies who incidentally can't even get people moved from one organisation to another because they have compatibility issues (that's why you're all still waiting for this big switch btw)

    Now we find out that some idiot leaves all the customers' bank details on a laptop which is then 'coincidentally' stolen during a burglary... this is all very James Bond...

    I've had enough of this... If I'm switching it'll be to Airtricity... at least if they screw up like this I can sue!

    With a semi state there will be an enquiry so that the evidence can't be used in a real court and the civil servants can keep their job regardless of their incompetence and then there would be talking in meetings for three years and all sorts of shenanigans..

    If a private company screw up you just take them to court and do them for damages and whatnot.


  • Closed Accounts Posts: 677 ✭✭✭darc


    Initially I had no worries about this as I only gave bord gais the same details that are on my cheques (still use them once in a blue moon) and that those I give cheques to have my name / address.

    However, after further thought I realised that the person who has the computer is not the normal type of honest person you would give your bank details to and that with the bank details & address it would be possible for someone to attempt identity fraud.

    It's an outside chance and I'll simply be doing spot checks on my bank account just in case of anything untoward.

