Electric Ireland data breach

justmehere · 09-11-2023 4:00pm #1

What annoys me about this story is Electric Ireland (EI) telling its customers to basically f**k off and sort out the problem themselves.

When a hack like this happens in the US, the company pays for at least one year of credit monitoring and identitity theft on behalf of their customers whose data they mishandled.

"Electric Ireland have been told they may have to cancel the debit and credit cards they used to pay their energy bills. Those who pay Electric Ireland using bank accounts have been told to go back two years to check if their bank accounts have been hacked. Customers affected by the breach have been told to...watch out for any suspicious activity on their accounts."

"Customers were told that their financial information may have been compromised. And other personal details including their name and address, their email, phone number, date of birth and bank account details (IBAN) may also have ended up in the wrong hands."

"Those impacted were told...to “cancel the credit/debit card(s) that was used to make payments to Electric Ireland”. They were also told to “review your relevant bank account and credit card statements since October 2021, to identify if there is any suspicious activity which may indicate that your account has been compromised and subject to fraud”.

So EI just washes its hands and says, "Oh well, youse better keep on eye on those bank accounts. Lets hope no one takes out a massive loan in your name, using your details, and you end up with a huge debt burden through absolutely no fault of your own! Or wake up one day to find your bank account completely drained. Ok, nothing more we can do, sleep tight!"

Absolutely unbelievable they can get away with this.

Polar101 · 09-11-2023 6:58pm

My last Electric Ireland bill was five times the usual, because they entered the meter readings incorrectly. Definitely felt like my bank account was being scammed.

Hotblack Desiato · 09-11-2023 7:42pm

When a hack like this happens in the US, the company pays for at least one year of credit monitoring and identitity theft on behalf of their customers whose data they mishandled.

That's because in the US if someone gets hold of your social security number your life is basically over.

Pretty stupid though telling people to cancel a debit card if they're paying by direct debit (which surely most are as there's a discount), it won't help one bit.

EI can't exactly go trawling through the account details to see if dodgy payments were made. Only the account holder can do that.

The way RTE reported this on the 9 o'clock news was pretty sensationalist and irresponsble, a lot of elderly etc. will be freaked out over nothing. Anyone who needs to be contacted about this already has been (according to EI)

Loyal Lady · 09-11-2023 7:53pm

I haven’t received any letter this week stating that my account had been compromised but last week (for the first time ever) my direct debit was apparently rejected & I received a letter from EI saying it was my fault with insufficient funds. I called to my branch that day & they confirmed that there had been sufficient funds in my account when EI had tried to put the did through. I then rang EI to explain what had happened. Once I had outlined my situation to the customer service guy the line went dead. Hmmm

Clo-Clo · 09-11-2023 7:59pm

https://www.boards.ie/discussion/2058321881/electric-ireland-data-breach

They can't

GDPR means they can get fined.

Just need to complain

Gooser14 · 09-11-2023 7:59pm

https://www.boards.ie/discussion/comment/121348098#Comment_121348098

They didn't tell people who paid by direct debit to cancel their credit/debit cards. The instruction to cancel cards applied to those who paid by credit/debit card. Those who paid by DD were told to check their bank statements for unusal transactions going back two years.

Hotblack Desiato · 09-11-2023 11:07pm

The way RTE worded it was very unclear and misleading.

justmehere · 10-11-2023 9:18pm

https://www.boards.ie/discussion/comment/121348098#Comment_121348098

They don't have to - just offer the monitoring service to the affected account holders which they've already identified (allegedly), rather than washing their hands and telling their customers to look after the problem themselves.

Also, no mention of it on the Data Commission website? Do they not have to report this, even if it was via a third-party?

Cienciano · 10-11-2023 9:45pm

https://www.boards.ie/discussion/2058321881/electric-ireland-data-breach

It wasn't a hack. Someone working for a "3rd party company" accessed them

justmehere · 11-11-2023 5:57pm

https://www.boards.ie/discussion/comment/121353183#Comment_121353183

I'm sure the difference will matter when you get a call from your bank saying your bank account has been emptied 🙄

Electric Ireland data breach

Comments