Bord Gáis customer details stolen


Some 75,000 Bord Gais customers have been warned to monitor their bank accounts for suspicious transactions after a laptop computer containing their account details was stolen.

The office of the data protection commissioner told those affected that fraudsters could potentially use their information to withdraw money from their accounts or take out loans in their name.

“The risk may be low but there is a risk,” said deputy data protection commissioner Gary Davis.

Four laptops were stolen from Bord Gáis offices on Foley St in Dublin’s north inner city in the early hours of June 5th.

One of the computers, containing the banking details of around 75,000 people, was not encrypted.

The laptop contains details such as account numbers, home addresses and branch details of people who had recently switched from the ESB as part of Bord Gais’s “big switch” campaign.

Bord Gáis plans to write to all of the customers tomorrow. It has also begun contacting the main banks to inform them how many of their customer’s details are on the non encrypted stolen machine.

The managing director of Bord Gais Energy, Dave Bunworth told The Irish Timeshe “deeply regretted” the theft a machine that was not encrypted.

“We have had an aggressive system of encrypting since last July and this computer should have been encrypted before it was given to the staff member; it was a flaw in the system.”

Mr Bunworth added while the machine was not encrypted, the data saved on it could only be accessed using a username and password.

The Irish Timesunderstands gardaí believe they know who broke into the Bord Gáis offices and nearby premises last Friday week. However, the stolen goods have not yet been found.

Gary Davis said the office of the data protection commissioner was informed by Bord Gais immediately the robbery took place.

Bord Gáis confirmed with the commissioner’s office last Thursday that one of the laptops was not encrypted. This was a cause for concern, Mr Davis said.

The commissioner’s office advised Bord Gáis to release news of the theft.

However, gardaí informed the company they were working on a definite line of inquiry and it was decided that no public comment would be made until certain lines of inquiry were exhausted.

When the Garda investigation yielded nothing Bord Gais decided to make a statement at 6.30pm today announcing the theft. Media outlets became aware of the planned announcement and it was brought forward to 5.30pm.

The latest theft comes only a day after it was revealed that the Health Service Executive (HSE) and gardaí were investigating the theft of 15 laptops in Roscommon town.

The HSE confirmed tonight that information on one unencrypted laptop contained sensitive details relating to a social worker’s case notes involving nine families.

“The HSE deeply regrets any upset caused to the individuals affected by this robbery and appeals to those who stole the laptops to return them at any Garda station,” said a HSE spokeswoman.

“We will now endeavour to personally inform all of the families and individuals involved and offer a personal briefing tomorrow with local HSE staff.

“They will be given a letter advising them in relation to the theft of the laptop and the compromised information.”

Labour Party spokeswoman on energy and natural resources Liz McManus said the failure to secure confidential information of customers was "completely unacceptable".

"The loss of four lap tops, including containing the details of some 75,000 customers may be excusable, but the abject failure to encrypt the customer details on the computer, is not," she said

"In a week when 15 HSE laptops were stolen from an office in Roscommon, it is clear that companies and other agencies who store peoples information on laptops, are not exercising the necessary vigilance."

Ms McManus called for a series of measures to be introduced to ensure that security of personal information.

"Computer devices of all types must be encrypted and protected with strong passwords systems. We should begin to move away from a situation where huge amounts of personal information like this can be carried around and lost or stolen. Public bodies should move to a web-based system of information, which can be accessed from remote points, but which is not vulnerable to theft of devices."

Fine Gael's spokesman on communications, energy and natural resources Simon Coveney called for mandatory encryption of sensitive customer data

"Consumers need greater protection and Fine Gael wants to strengthen the Data Commissioners' hand by introducing mandatory encryption of all sensitive personal data carried portably. This obligation should have been brought into force years ago but, in just four days, we have seen the dire need for it," he said.

"If the theft of fifteen HSE computers in Roscommon isn't enough to spur the Government into action on the issue of personal data security then maybe the fact that 75,000 Bord Gáis have now seen their sensitive bank
data compromised must force the Minister's hand."