10,000 bank account details stolen

April 22, 2008

By Dan Collins


POTENTIALLY invaluable personal and account details of 10,000 Bank of Ireland customers, including passwords and medical histories, are missing.

Last night Data Protection Commissioner Billy Hawkes said the matter had been brought to his attention last Friday while the data . gathered by the bank's life assurance division and contained in four laptop computers - has been missing since last year.

Mr Hawkes said Bank of Ireland personnel had told his office that they became aware of the sensitive nature of what was contained in the stolen laptops last week.

The computers had not been encrypted.

The four computers that held the information on bank customers, including home addresses, bank account details and medical records, were stolen between June and October of last year.

One of the laptops was taken in a break-in at the home of a bank employee. The other three are understood to have been stolen from parked cars.

The theft was reported to gardaí at the time.

Mr Hawkes confirmed that none of the stolen laptop computers had been encrypted and all could be accessed by password.

Last night, a bank spokesperson confirmed four laptops were stolen and the thefts were only brought to the attention of the appropriate bank authorities in the past few weeks and a full internal probe was under way.

None of the affected customers have been informed by the bank of the data theft, but the bank said it intended to do so shortly.

However, in the interim the bank said it had monitored all of the customer accounts and .we can confirm that there has been no evidence of fraudulent or suspicious activity on any of these accounts..

"Bank of Ireland regrets any concerns that this incident will cause to customers, and is committed to moving as quickly as possible to allay these concerns," the bank stated.

The Data Protection Commissioner was unable to say how long his investigation was likely to take.

His office was due to have further meetings with key bank personnel to garner more facts about the case, and was at present in the initial stages of the probe.

Mr Hawkes said his primary objectives were to establish the level of risk to customers by the loss of the data, to see what steps can be taken to protect them, and to put in place measures to prevent a recurrence of such a serious breach in the bank.s information protection structures.

"It is the duty of organisations to keep personal information secure and to protect against potentially harmful leaks," said Mr Hawkes.

Earlier this year Taoiseach Bertie Ahern brought the theft in New York of a laptop containing personal details of Irish blood donors to the attention of the Data Protection Commissioner.

Mr Ahern spoke in support of making blood banking computer systems more secure in the event of computer theft.

In Britain last year disks containing the personal data of 25 million people went missing from a number of public bodies.

main page ATTRITION feedback