Eircell apologises to two customers affected by Internet security breach

Eircell has admitted a security breach in its e-merge Internet mobile portal which resulted in two customers being logged into…

Eircell has admitted a security breach in its e-merge Internet mobile portal which resulted in two customers being logged into each other's accounts, thus gaining access to e-mail facilities and account IDs.

The company apologised to the two customers yesterday after it emerged that Eircell had not responded to five separate complaints made to its support desk over the past three weeks.

The incident, which occurred three weeks ago, was similar to a recent security breach at Barclays Internet banking service in the UK when two customers logged on to the service at exactly the same moment, resulting in a crossover of accounts.

In Eircell's case, one of the two e-merge customers did not realise he was connected to the wrong account and sent several e-mails from the other party's e-mail address. This customer has since stopped using the system.

READ MORE

After becoming aware of the security breach, the other customer contacted the company on five occasions without response.

He later contacted The Irish Times. He said he had lost confidence in the e-merge system and was extremely annoyed with the lack of customer service.

When contacted by The Irish Times, Eircell said the problem was due to a "localised threading problem" in the software. This was caused by a bug in the programme which only came to light after a fivefold increase in customer registrations to the service during July.

Eircell claimed the company became aware of the potential software problem on July 25th and immediately fixed it. It said the company had also employed a firm of independent security specialists to monitor the service on an ongoing basis to ensure that no security breaches occur.

The e-merge mobile portal is one of Eircell's flagship products and has more than 20,000 subscribers. It enables customers to send and receive e-mails from WAPenabled mobile phones and desktop computers.

Discovery of the security breach at Eircell follows Eircom's hacking problems last week and is likely to further damage consumer confidence in Internet security.

Eircell is still investigating the breakdown of its customer service policy, which promises a response to any customer inquiry within 24 hours.

An Eircell spokeswoman said the company was treating the matter "very seriously".