Stolen laptops - bord gais

[elefantfresh]

Just after reading about some stolen laptops from the bord gais offices. A quote from todays Irish Times

"One of the computers, containing the banking details of about 75,000
people, was not encrypted."

This just has to have some sort of punishment doesnt it? How can a company be allowed to have such a lax set up? I'm completely stunned that they allowed this to happen.

 

[Graham_07]

I just can't understand how this is still going on with all the recent other cases. Furthermore why are they using laptops. Surely in an office desktop PC's should be the norm with all sensitive data on hard drives or external drives that can be locked away at night ( as I do ) . Why do staff in such offices need laptops? Do they work on them in the loo or on cig breaks or something ? Have they never heard of laptop cable locks ?

 

[wavejumper]

it gets better though, according to Managing director of Bord Gáis Energy Dave Bunworth "the stolen laptop containing the account details of 75,000 customers would be “very difficult to get into” despite it not being encrypted".

This is because "the data saved on it could only be accessed using a username and password.".

Priceless. They keep the full details 75.000 of their customers on laptops, oblivious to the idea of centralised secure database servers; they also think that a username and password lock will make it 'hard to get into'. Honestly, Ireland, the knowledge economy. What a laugh.

 

[Sherman]

I just can't understand how this is still going on with all the recent other cases. Furthermore why are they using laptops. Surely in an office desktop PC's should be the norm with all sensitive data on hard drives or external drives that can be locked away at night ( as I do ) . Why do staff in such offices need laptops? Do they work on them in the loo or on cig breaks or something ? Have they never heard of laptop cable locks ?

+1. If I was a salesman for Citrix or one of its competitors I'd be rubbing my hands with glee!

 

[galleyslave]

"the data saved on it could only be accessed using a username and password" what a muppet... I could get into that laptop in 5 minutes or less. I could get the data off in the same timeframe if I pulled out the drive... unless the datafiles were encrytped or password protected there's 0 safety. If they were secured, it would take longer, but still be feasible

 

[Guest116]

You dont know at what level that username and password is used. It may not be on the boot up or at the windows login screen. It may be part of another program on the laptop which itself encrypts the data as opposed to harddisk level encryption.

 

[wavejumper]

true, but why would they have some laptops with one kind of encryption and other laptops with a different kind of enctryption? I bet your man is just playing fast with the general belief people have that the basic windows OS login is secure.

 

[NOAH]

Ah but the killing line was " we have all our laptops encrypted now!! " priceless.

noah

 

[Graham_07]

75,000 customers are to get a letter about this, costing just for postage alone €41,250. How much would it cost to have encrypted the laptops in the first place ?

 

[RMCF]

AS someone who recently made "the Big Switch", and whose details are probably on that laptop, I am just wondering the legalities of it all should I check my account one day and its €1000 down.

Is it my fault, the bank's, or Bord Gais?

And who is liable?

 

[Graham_07]

AS someone who recently made "the Big Switch", and whose details are probably on that laptop, I am just wondering the legalities of it all should I check my account one day and its €1000 down.

Is it my fault, the bank's, or Bord Gais?

And who is liable?

Yours of course, didn't you know, the taxpayer always foots the bill. Actually, you'll probably be at fault for the other 74,999 customers ( including me ) as well

 

[Nermal]

75,000 customers are to get a letter about this, costing just for postage alone €41,250. How much would it cost to have encrypted the laptops in the first place ?

Sometimes it can actually cost a lot, because most people are too thick to remember passwords. Proper laptop encryption will permanently lock the drive after a few wrong password attempts.

 

[seriams]

My very suspicious work colleague reckons ESB were involved.

 

[RMCF]

My very suspicious work colleague reckons ESB were involved.

Or even worse, those thugs at AirTricity

 

[Graham_07]

Sometimes it can actually cost a lot, because most people are too thick to remember passwords. Proper laptop encryption will permanently lock the drive after a few wrong password attempts.

So it's ok to keep sensitive information in an unsecured environment due to cost of keeping it adequately secure ? I still don't see why they could not have used hardware or storage that is less portable. I keep a certain amount of sensitive data for clients electronically. Some of this is on desktop HD while working on file. All this is backed up to external HD daily on Iomega pre-set program. The external HD and any CD's then go to safe out of working hours. It's neither time consuming, expensive nor takes up much space. I can not envisage leaving a CD or portable HD / laptop on a desk overnight. I mean couldn't they just lock up the laptops on a night for heavens sake.

 

[Duke of Marmalade]

A bit of perspective please. I got the Bord Gais letter. I am one of the 75,000. So someone might find out my Name, Address, Bank Account No. and Sort Code. Quite a few people already have that info. So far as I am aware it can only be used to transfer money into my account and not out of it. People are welcome to make such transfers in.

 

[VOR]

A bit of perspective please. I got the Bord Gais letter. I am one of the 75,000. So someone might find out my Name, Address, Bank Account No. and Sort Code. Quite a few people already have that info. So far as I am aware it can only be used to transfer money into my account and not out of it. People are welcome to make such transfers in.

I'm with the Duke on this one. Any time you write a cheque you give your name and bank account number.

 

[Graham_07]

I'm with the Duke on this one. Any time you write a cheque you give your name and bank account number.

Yes, voluntarily. But is it too much to ask holders of such data to take reasonable care to avoid involuntary disclosure of that information?

 

[Mpsox]

A bit of perspective please. I got the Bord Gais letter. I am one of the 75,000. So someone might find out my Name, Address, Bank Account No. and Sort Code. Quite a few people already have that info. So far as I am aware it can only be used to transfer money into my account and not out of it. People are welcome to make such transfers in.

Enough information on these for a counterfeiter to create bogus cheques on your account, lodge them in overseas or use them to purchase goods and hope the bank doesn't spot that they're forgeries before funds/goods are released. You'd probably get your money back eventually from the bank, but do you need the hassle? I work in financial services, see these counterfeits coming in every day of the week

 

[samanthajane]

75,000 customers are to get a letter about this, costing just for postage alone €41,250. How much would it cost to have encrypted the laptops in the first place ?

My god thats a lot of money. Could they not have emailed the customers to tell them or called or sent a text message.