Eircom slammed for laptop and information loss

Irish Data Protection Commissioner Billy Hawkes has called the lack of Eircom's laptops "one of the vital serious breaches" his office has seen.

Speaking to the RTE radio station in Ireland, Hawkes said the character of the information, the long delay in telling people about it being compromised and the truth that it involved a communications company, that is subject to more stringent security standards, made the case particularly serious.

Eircom said there has been a reporting delay while it tried to determine what were breached, but Hawkes said this was not acceptable as "24 to 48 hours is our guideline for reports of such incidents, so it's very surprising to listen to that reason being given".

According to an announcement, the small print of 6,845 customers and 686 employees of Eircom's eMobile and Meteor firms were contained at the three stolen laptops, together with the checking account or mastercard details of 550 customers.

Two of the laptops, which was unencrypted, were stolen from offices in Dublin in December, while a 3rd laptop was stolen from the house of an employee. Eircom said the incidents were immediately reported to the police, and two separate investigations were ongoing; it also said there has been no evidence that the info in peril was utilized by a 3rd party.

It said: “Eircom treats privacy and protection of all data extremely seriously and we've taken the subsequent pro-active measures to deal with the location. As a precautionary step, we have now contacted the Irish Banking Federation, who has notified their members of the capability risk to data for affected eMobile and Meteor customers.

“A review of the group's encryption policy is under solution to ensure all computers and laptops are compliant with the group's encryption policy.”

Speaking to the Irish Independent, Eircom head of communications Paul Bradley said: “The personal data in danger includes details resembling an applicant's name, address and telephone numbers, in addition to quite a number documentation used to support a customer application reminiscent of passport and driver's licence details, various photo IDs or utility bills, which all may need been used to determine proof of identity.

“In some cases financial data including checking account or bank card details is likewise in danger.”

Hawkes said: “Encryption of laptops, where you do permit personal data to be stored on them, is bog-standard security and it is rather surprising that during two separate incidents, Eircom's laptops weren't encrypted.”

Stephen Midgley, global vice-president at Absolute Software, said: “It's clear that, as laptops and other mobile devices increasingly become essential work devices, maintaining security of shopper and corporate data is becoming ever more difficult.

“When managing personal and fiscal details companies must have greater safeguards in place to give protection to customers from the hazards of loss and theft inherent in mobile devices. Consumers will increasingly seek greater assurances from businesses concerning the protection in their data so it's crucial that firms make changes before irreparably ruining trust.”

Midgley said that the most important to security is strong data management and document security. “As device proliferation increases, the power to push and pull data from employee devices to make sure that crucial financial information and private data isn't simply saved to a tool or emailed out, turns into vastly more important,” he said.