Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

MyHome.ie customers leaked online

  • 19-05-2021 11:30am
    #1
    Registered Users, Registered Users 2 Posts: 9,222 ✭✭✭


    Following on the from HSE's issues. It looks as if MyHome.ie has exposed 700,000 of their customer's compliance documents (driving licences, passports etc) on the internet.

    Personal data of MyHome.ie customers 'inadvertently' leaked online:
    https://www.thejournal.ie/myhome-ie-customer-data-leak-5441232-May2021/

    When is the money (including lost growth) Michael Noonan took in the Pension Levy going to be paid back?



Comments

  • Registered Users, Registered Users 2 Posts: 11,749 ✭✭✭✭wes


    Basically, IT is heavily underfunded in most organizations, and basically you get best effort from the IT staff. That is assuming it hasn't been outsourced to the lowest bidder, or even if the out source company is good, they aren't given enough budget to actually manage the infra correctly.


  • Registered Users, Registered Users 2 Posts: 7,872 ✭✭✭Fann Linn


    Not related to this case or the HSE case specifically, but could someone sue a body be they private or State if their info is leaked? Just asking the question because I see it that if there was a penalty or reaction for this type of thing, then bodies may improve their IT security.


  • Registered Users, Registered Users 2 Posts: 14,378 ✭✭✭✭jimmycrackcorm


    wes wrote: »
    Basically, IT is heavily underfunded in most organizations, and basically you get best effort from the IT staff. That is assuming it hasn't been outsourced to the lowest bidder, or even if the out source company is good, they aren't given enough budget to actually manage the infra correctly.

    It's not so much underfunding as a lack of maturity in anti-cybercrime as an IT activity. Many organizations won't have any security specialists, not because of a lack of funding, but a lack of understanding of what is required.


  • Posts: 3,801 ✭✭✭ [Deleted User]


    Why do people upload passports to MyHome?


  • Registered Users, Registered Users 2 Posts: 11,217 ✭✭✭✭B.A._Baracus


    I would chalk that up to "human error" :p
    Be it the developer in charge didn't realize the data was in a folder on the server or simply did not care that day and marked the job as done :pac:


  • Advertisement
  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,393 Admin ✭✭✭✭✭Beasty


    Fann Linn wrote: »
    Not related to this case or the HSE case specifically, but could someone sue a body be they private or State if their info is leaked? Just asking the question because I see it that if there was a penalty or reaction for this type of thing, then bodies may improve their IT security.
    Yes. Question is though how do you/can you quantify damages?

    It's also a GDPR failure leaving potentially significant penalties in addition to any damages


  • Registered Users, Registered Users 2 Posts: 7,010 ✭✭✭Allinall


    I have uploaded my passport and driving licence details to so may sites ( Banks, Pension, insurance, hotels, airlines etc.)at this stage that I have no doubt if someone put their mind to it, they could find them online.

    It doesn't keep me awake at night.


  • Registered Users, Registered Users 2 Posts: 1,315 ✭✭✭Sam Hain


    Allinall wrote: »
    I have uploaded my passport and driving licence details to so may sites ( Banks, Pension, insurance, hotels, airlines etc.)at this stage that I have no doubt if someone put their mind to it, they could find them online.

    It doesn't keep me awake at night.

    I wonder does the Romanian you sleep soundly?


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,393 Admin ✭✭✭✭✭Beasty


    Just to add, many companies go through a massive exercise to protect their reputation if they are hacked. Many offer free credit checking (perhaps less relevant in Ireland). If someone gains financially from something like this, then it's clearly a cost to someone. If that's the consumer then compensation would be expected. Stealing an ID is not necessarily directly impacting on the consumer, but indirectly there can be a hell of a lot of hassle involved. That's where it becomes much more challenging to quantify any damages

    Many businesses will have insurance against such leaks. Typically though as soon as a claim arises premiums will rocket. The costs of upgrading IT systems and the like will usually be very substantial and that is unlikely to be covered by insurance (as it reflects lack of prior investment in the systems)

    Following a number of high profile cases many large businesses have invested massive amounts in adding additional layers of protection. Small to medium sized businesses are unlikely to be able to fund IT systems that offer maximum protection.

    Regardless of all of that, no system can ever be completely foolproof and there are limits to how much businesses can invest in improving systems. Many are arguably lucky that they are never targeted, or ignorant to the fact their systems have already been breached


Advertisement