# Bord Gáis stolen laptops: thieves could have access to set up their own direct debit!



## Brendan Burgess (17 Jun 2009)

*Summary in case you don't want to read the entire thread*

A laptop was stolen which contained your name, your address, your bank account number and your sort code.

It is very unlikely that the thieves or the new owner of the PC knows that they have this information. They probably have wiped the disk already.

This information is on every cheque you write anyway. They did not get any sensitive information. 

If someone has this information, then they can walk into a bank and try to withdraw money from your account. It is very unlikely that they would be given money.

They could try to set up a direct debit, but they would not get away with it. 

There have been no reports of anyone losing any money from their bank account through this theft.

*What should you do?*
Do what you should do anyway - check all transactions on your bank account to make sure that no errors have been made. Maybe do it weekly for a while instead of monthly.

*Other issues discussed in this thread*
Why did Bord Gais not encrypt their laptops?
Should they be fined for this security lapse?


----------



## hopalong (17 Jun 2009)

*Bord Gáis customer details on stolen laptops:* is it safe to continue my bank account, as thieves could have access to set up their own direct debit, with all my details?



			
RTE said:

> *Bord Gáis customer details on stolen laptops*
> 
> *Wednesday, 17 June 2009 19:50*
> 
> ...


----------



## theresa1 (17 Jun 2009)

*Re: board gais stolen laptops*

Contact your Bank directly - you're hardly going to wait for the letter in the post next week from Bord Gais if you have been affected.


----------



## TSThomas (17 Jun 2009)

*Re: board gais stolen laptops*

Contact Bord Gais first surely? If they're going to send a letter to those affected by the theft then they already know who's affected.

Unlikely you'll get anything more than a "be vigilante, watch your bank statements for suspect activity" though...


----------



## ajapale (17 Jun 2009)

*Re: Bord gais stolen laptops*

Moved from Deposits, Savings and their Safety to Banking.


----------



## Complainer (17 Jun 2009)

*Re: Bord gais stolen laptops: thieves could have access to set up their own direct de*



hopalong said:


> *Bord Gáis customer details on stolen laptops:* is it safe to continue my bank account, as thieves could have access to set up their own direct debit, with all my details?


What information did you give to Bord Gais that doesn't appear on every cheque you have ever written?


----------



## Hobbs256 (17 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Can they also take a loan out in your name, and will you be liable to repay it?

That is the big question!!!!!

Your thoughts please.


----------



## ajapale (17 Jun 2009)

*Re: Bord gais stolen laptops: thieves could have access to set up their own direct de*



Complainer said:


> What information did you give to Bord Gais that doesn't appear on every cheque you have ever written?



I'm not sure what BG ask for but I imagine they hold the following information:
Billing address (more than likely coincides with the address on the bank account)
Contact phone numbers and email addresses.

Perhaps they also hold credit histories and credit ratings?


----------



## Nermal (17 Jun 2009)

*Re: Bord gais stolen laptops: thieves could have access to set up their own direct de*



ajapale said:


> I'm not sure what BG ask for but I imagine they hold the following information:
> Billing address (more than likely coincides with the address on the bank account)
> Contact phone numbers and email addresses.
> 
> Perhaps they also hold credit histories and credit ratings?



Don't need any of that to set up a direct debit.

They can't do much with sort code / account numbers really, there's not much to worry about.

However there's no reason to store them on a laptop.


----------



## corkrebel (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Hmmmmmm
Saw this on Boards.ie, apparently Jeremy Clarkson felt that all this data protection stuff was tosh, have a read

_I'd forgotten about Mr Clarkson, for those who think "this is of no consequence" have a read. Thankfully we live in a country with a high level of regulation of the banking industry and NEVER have any issues with the quality of those employed or the standards they bring to the workplace_
http://news.bbc.co.uk/2/hi/entertainment/7174760.stm


----------



## dewdrop (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

I think some direct debits also contain addresses. In reply to Hobbs 256 you are not liable for a loan drawn in your name if it was not you.


----------



## Locke (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

What was the information doing on an unencrypted laptop? I would have expected this to be on their mainframe.


----------



## Emma1980 (18 Jun 2009)

*Re: Bord gais stolen laptops: thieves could have access to set up their own direct de*



Nermal said:


> Don't need any of that to set up a direct debit.
> 
> They can't do much with sort code / account numbers really, there's not much to worry about.
> 
> However there's no reason to store them on a laptop.


 
Well the application I filled out as part of the IFA Power which is in conjunction with Bord Gais, I had to fill out name, address, phone number, NAME OF BANK, BANK BRANCH, ACCOUNT NUMBER, SORT CODE....

It's not good enough at all!!


----------



## callybags (18 Jun 2009)

*Re: Bord gais stolen laptops: thieves could have access to set up their own direct de*



Complainer said:


> What information did you give to Bord Gais that doesn't appear on every cheque you have ever written?


 
Complainer has it right.

In order to set up a Direct Debit you must:
1. Have an original signed mandate by the payer
2. The originator (Bord Gais, ESB, dodgy person) must have an Originator's Identification Number supplied by the bank. I know from experience that this is very difficult to get.

In order to access any bank account you need at least a password and often security questions answered. None of these are held by Bord Gais or any other bodies who may have direct debit mandates.


----------



## Towger (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

This is a load of media hype. You can do next to nothing with Name, Address, Sortcode, Account number. Even if they did use them to direct debit accounts the banks would end up refunding everyone.

I have seen and had to fix some **** *** done by people/companies direct debiting. For this reason I don't like them, but RTE must have covered this non event story 4 times this morning.


----------



## lou2 (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

But somebody could go in to a bank branch and attempt to take out money in person if they have the a/c number and sort code could they not? I know that I am not always asked for ID when I withdraw relatively small sums of money (100-200), and I am not known at the bank so it's not as if they recognise me. If they did this to even a small proportion of the accounts that they have details of I think they would be making a fortune.


----------



## sandrat (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

You needed to give name, address, date of birth, email address, phone number, bank account name, bank account number, bank address.


----------



## colm (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

This is a load of hype over nothing.
For a company to set up to be paid by DD is very difficult. And it certainly could not be done by simply registering a company name & opening a new bank account.
As has been said nothing can be done with a bank account & sort code. Think about it. When you are setting up online payments your service provider has to give you their account number, sort code & address...
All this information is on your cheques etc...
Your address is on the electoral register..
Relax


----------



## corkrebel (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



> For a company to set up to be paid by DD is very difficult. And it certainly could not be done by simply registering a company name & opening a new bank account.
> As has been said nothing can be done with a bank account & sort code. Think about it. When you are setting up online payments your service provider has to give you their account number, sort code & address...
> All this information is on your cheques etc...


 
You may be correct but if it can happen to Jeremy Clarkson..... see my earlier post. Also when I had my account with ESB (I switched) I was on dd, they did not ask for a signed mandate. I gather that they, and I presume BGE and various other big companies, get the bank acc, sort code and name. They then do a bank run, and assuming that the details are correct (remember the bank do not know that the utility account number does not relate to Corkrebel but is actually in the name of say Brian Cowen) money is transferred. I used to actually pay my mother's ESB account by my dd a year or two ago.
You're right, the chances are small and I am convinced it is a bunch of kids who saw an opportunity. But it would be naive to believe there is no risk, in my opinion at least.


----------



## bond-007 (18 Jun 2009)

*Re: Bord gais stolen laptops: thieves could have access to set up their own direct de*



callybags said:


> Complainer has it right.
> 
> In order to set up a Direct Debit you must:
> 1. Have an original signed mandate by the payer.


Not at all. Many organisations don't ask for signed mandates.


----------



## Armada (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



lou2 said:


> But somebody could go in to a bank branch and attempt to take out money in person if they have the a/c number and sort code could they not? I know that I am not always asked for ID when I withdraw relatively small sums of money (100-200), and I am not known at the bank so it's not as if they recognise me. If they did this to even a small proportion of the accounts that they have details of I think they would be making a fortune.


 


This still goes back to the fact that any cheque will have that information written on it ie. sortcode and account number so how can one withdraw from the account? 

On a different note, I had an issue last week when funds were taken from my current a/c (€1k) via laser transactions. I had the card in my possession all the time but the user managed to pay bills etc by quoting my card number and expiry date. No pin or signature was required as it was all done (I believe) by telephone. The user is traceable in this particular case.

My card was never used in an ATM other than for initial validation and yet someone managed to use it fraudulently.

Obviously this is a security loophole of a kind and yet it is probably happening regularly without it making headline news.


----------



## jack2009 (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Sure don't you hear stories of people getting the relevant information from just going through your bins!!! Not very high tech but apparently if you know what you are doing you can make money from it.


----------



## lou2 (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

*"This still goes back to the fact that any cheque will have that information written on it ie. sortcode and account number so how can one withdraw from the account?"*

By simply walking in to a bank branch, filling out a withdrawal slip with the relevant details (obtained from the laptop) and withdrawing the money. I recently went in to a bank and withdrew money from my sister's account. She had given me the a/c number and sort code. I wasn't asked for ID. Surely, someone who has these details can do the same?


----------



## Guest116 (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

They compare the signature they have on file in a lot of banks when withdrawing.


----------



## moneyhoney (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



> By simply walking in to a bank branch, filling out a withdrawal slip with the relevant details (obtained from the laptop) and withdrawing the money. I recently went in to a bank and withdrew money from my sister's account. She had given me the a/c number and sort code. I wasn't asked for ID. Surely, someone who has these details can do the same?



If they let you do that - they shouldn't have. It's against every branch procedure of the bank I used to work for (one of the "big 2")


----------



## amtc (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

I recently (accidentally as I happen to know the account number and mixed it up with mine) withdrew money from my mother's account with BOI. Not my own branch either (which also happens to be hers)


----------



## colm (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



lou2 said:


> I recently went in to a bank and withdrew money from my sister's account. She had given me the a/c number and sort code. I wasn't asked for ID. Surely, someone who has these details can do the same?


I doubt it...
Would they be that stupid to get themselves caught on at least half a dozen cameras????



aristotle25 said:


> They compare the signature they have on file in a lot of banks when withdrawing.


Exactly... Or else they knew you.
I withdraw & cash cheques regularly from a company account without ID but that's because the staff know me..
Come on people think logically & stop being scared witless by the media.
How often do you see adverts for charities etc quoting Account Numbers & sort codes.
Virtually every utility bill you receive will have this information on the payment slip.
Companies regularly give out this information to accept credit transfers.

If someone is really silly enough to walk into a bank full of cameras to make a fraudulent withdrawal & the person in the bank is silly enough to give them your money without making the relevant checks then they are at fault & will be refunding you anyway.


----------



## gipimann (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Is it just a co-incidence that the Bord Gais (gas) bills that are issuing this week aren't showing that the bill is paid by DD?

Work colleague got her gas bill earlier in the week, with a "pay by date" on the bottom of the bill.   No mention of "payment by DD on dd/mm/yy" which is the usual.   She knew she had a DD set up, phoned BG and was told that there was a "problem with printing", the DD was indeed in place, and she need do nothing more regarding the bill.

Got my own bill today and same situation.   I switched to BG electricity, she did not.

Have BG lost more than they think they have, or are telling us they have?


----------



## roker (18 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

I guess I am lucky, I would not change over because I will not use DD. I had too much trouble in the past, companies not cancelling them etc. no control over payments if there is a dispute.
I also had an experience a few years ago when the bank sent me someone else's cheque book, I was unknowingly writing the other person's cheques out and the bank was paying them. To my surprise I found out that they only check signature if it is over a €1,000


----------



## Complainer (19 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

The big problem (IMHO) is that the banks (to the best of my knowledge) will accept and permit an electronic direct debit payment by default. They don't actually have to get a signed mandate and set up 'permission' for the company to debit that account. It is only in cases of disputes that they go looking for the mandate.

This could easily be tightened up, by ensuring that the banks have to explicitly set up permission for a DD to start, and can withdraw this permission at any time.


----------



## bond-007 (19 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

The best solution is to abolish paperless DDs. Banks should be insisting on signed mandates. Of course the big users of paperless systems will resist this.


----------



## dubgal2009 (19 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Hey Guys. I work for Bord Gais and to be totally honest with you there is nothing to worry about. 4 laptops were stolen; 1 of them had the Direct Debit details on them of customers who signed up before 29th of May. The laptop had a very very strong password on it and there have been no suspicious transactions on any customer's bank account. All the laptops are now encrypted.

Usually what happens with stolen laptops the memory gets wiped within 24 hours and they get sold on.  Just keep an eye out on your bank accounts and if there is anything taken out of your bank your bank is liable to pay the full amount back to you.


----------



## bond-007 (19 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

BG should be fined heavily for this.


----------



## dubgal2009 (19 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

It's very unfortunate that the premises was broken into.


----------



## bond-007 (19 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Their insurance will cover it.


----------



## markpb (20 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



dubgal2009 said:


> Hey Guys. I work for Bord Gais and to be totally honest with you there is nothing to worry about. 4 laptops were stolen; 1 of them had the Direct Debit details on them of customers who signed up before 29th of May. The laptop had a very very strong password on it and there have been no suspicious transactions on any customer's bank account.



You're totally wrong about the password. If the files are protected by a Windows password, the thieves can remove the hard drive from the laptop, put it into another computer and access all the files without needing any password at all. If the password is on Excel or another application, that's easy to break too. The only true protection is not having copies of the data and encrypting the one copy you do have.

I can't understand this lax attitude to personal data (not just aimed at you btw, but you demonstrate it too). I entrusted my personal details to your company and for some unknown reason, they were copied to other computers without encryption, the computers they were copied to were presumably left unprotected and now you and your PR department are telling me it's no big deal. That's completely unacceptable.

For comparison, my company deals with credit cards so we're PCI compliant. That means I have no access to the part of the building the servers are kept in, the admins who do have access, don't have the encryption keys to decrypt the card details and there are no laptops lying around with production data. It isn't rocket science - we just know that if we screw up, we go out of business. The same doesn't apply to BGE because they're a semi-state so no-one is responsible.


----------



## Hobbs256 (21 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Why were account details stored on a laptop in the first place?  This information should only be on a file server which is firewalled, encrypted and held in a strongroom which has restricted access.


----------



## colm (21 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



Hobbs256 said:


> Why were account details stored on a laptop in the first place? This information should only be on a file server which is firewalled, encrypted and held in a strongroom which has restricted access.


 
Can someone explain what bit of information was on this laptop that should be confidential???
You give your A/C number & sort code to everyone you write a cheque to.
BG & every other service provider give every customer their A/C number & sort code.
Your name & address is also freely available.
Markpb, exactly what personal details did you entrust to BG that is so confidential?
Because when I signed up that's the only info I gave them. I think you are really over reacting.


----------



## bond-007 (21 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Why defend the indefensible?


----------



## ajapale (21 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



bond-007 said:


> Why defend the indefensible?


.... because this is a public _discussion_ board?


----------



## bond-007 (21 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

/me bites tongue.


----------



## Complainer (21 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



bond-007 said:


> Why defend the indefensible?


It's not a question of defending it. I'm not defending BG's screw up. But the issue is still being over-hyped here on this board and in the media.


----------



## bond-007 (21 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

I wonder will they be fined?


----------



## corkrebel (22 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Eeeeeh anyone seen today's Daily Mail???

Just saw this on Boards.ie. If this is true they should be fined and fined heavily



> I was just having lunch and glancing at the newspapers, on the front page of the Daily Mail (I know, I know it's the Daily Mail) there is a story saying that it wasn't 75k customers' details IT WAS 140K, they also say that something like 12k credit card details including the 3 digit code at the back of the card and everyone's date of birth are also on the laptop.
> Now this could be total lies in which case I would expect BGE to roll out Johnny Mullins to confirm same, or it is true. If it is true I am starting to get worried. I can't find a link to the story online and I only did a bit of speed reading but those are "the facts" as reported by the Mail.


----------



## bond-007 (22 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

If that is the case they should be made compensate each and every customer.


----------



## thedaras (23 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

I received a letter today from Bord Gais, saying..

"As you may be aware, four laptops were stolen from Bord Gais Energy on Friday, 5th June 2009. One of the stolen laptops *contained information including..*

Name

Address

Bank account details,"..

"Your name, address, bank account number, and sort code were on the stolen laptop".
--------------------------
I'm honestly not worried at all as I understand the chances of this information being used are minimal.
However it did state, "CONTAINED INFORMATION INCLUDING". So what other information was on it?


----------



## samanthajane (23 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

The only information on those laptops was what you gave them. They shouldn't have any other personal information.

I got the same letter today, and I'm not too worried about it. Any information they have is freely available if someone was to look hard enough.

I do think that the laptops were stolen, wiped and sold on... the only issue I would have with this is would it not have been easier to steal laptops from elsewhere?

When the bf got home I told him and he over reacted over the situation so he called the bank and he was told that they have been made fully aware that his details may have got into the wrong hands, and his account has been flagged in a way to look out for suspicious transactions. So if someone was to try and set up a standing order or DD on his account he would be notified to ask if this was a real transaction that he had set up. And it wouldn't be fully set up so that money could come out of his account until he had confirmed such.

With this in place I don't see how our accounts are going to be affected.


----------



## Brendan Burgess (23 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

_To save people who are only worried about the risk to themselves reading this entire thread I have put the following summary as the first post._

*Summary in case you don't want to read the entire thread*

A laptop was stolen which contained your name, your address, your bank account number and your sort code.

It is very unlikely that the thieves or the new owner of the PC knows that they have this information. They probably have wiped the disk already.

This information is on every cheque you write anyway. They did not get any sensitive information. 

If someone has this information, then they can walk into a bank and try to withdraw money from your account. It is very unlikely that they would be given money.

They could try to set up a direct debit, but they would not get away with it. 

There have been no reports of anyone losing any money from their bank account through this theft.

*What should you do?*
Do what you should do anyway - check all transactions on your bank account to make sure that no errors have been made. Maybe do it weekly for a while instead of monthly.

*Other issues discussed in this thread*
Why did Bord Gais not encrypt their laptops?
Should they be fined for this security lapse?


----------



## sandrat (27 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Since when is your home address on a cheque?

You can set up a direct debit on the internet or over the phone without providing a signature but all banks of customers whose details were on the laptop have been informed and an alert has been placed on those accounts.


----------



## colm (27 Jun 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



sandrat said:


> Since when is your home address on a cheque?


It's not but it's common knowledge. The electoral register for one.
An address is hardly confidential information.


----------



## MANTO (1 Jul 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

Maybe we should ban the phone book too


----------



## colm (1 Jul 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

And if that's not enough for some paranoid people take down all the road signs & take the numbers off your door.
Then the postman could put everyone's mail in a box at the top of the road & everyone goes up to collect it so no one knows where you live..
Hang on................. No that would be a security risk wouldn't it.??
Hmm, probably safer to tell people my address after all


----------



## jamesoshea (1 Jul 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*

I'm refusing to sign up to direct debits anymore. It's like signing a blank cheque and sending it off to one of these places.


----------



## colm (1 Jul 2009)

*Re: Bord Gáis stolen laptops: thieves could have access to set up their own direct de*



jamesoshea said:


> I'm refusing to sign up to direct debits anymore. It's like signing a blank cheque and sending it off to one of these places.


 
Please explain...!!
They can only take what's on your bill.


----------

