View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 12, 2012

Eircom confirms data breach after unencrypted laptop theft

Data Protection Commissioner slams Irish telecoms giant for "bog standard" security failings

By Vinod

Irish telecoms firm eircom has confirmed the theft of three laptops containing personal information of over 7,000 customers.

According to the Irish Independent, details of more than 7,000 mobile phone customers and employees were compromised while bank account or credit card details of 550 eMobile and Meteor customers was also potentially at risk.

Two of the laptops were stolen from eircom’s Dublin offices in December last year while the third was taken from the home of an employee. It was this laptop that contained the names and address of nearly 700 eircom employees, the Irish Independent says.

The laptops stolen from eircom’s office contained personal information of 6,441 eMobile business customers. Nearly 150 of these contained financial or bank details. Another file contained details of just over 400 Meteor post-pay customers, the report said.

The laptops were not encrypted.

Paul Bradley, head of communications at eircom, apologised to customers and said two separate investigations are underway. He added that no evidence had yet been uncovered that the data had been used by a third party.

However, the group was slammed by Irish Data Protection Commissioner Billy Hawkes. Speaking to RTE, he said the breach is one of the "most serious" his team had faced, "For two reasons: Because of the nature of the financial data that was on the unencrypted laptops puts people at risk of data theft and secondly the long delay in telling people that their data had been compromised and giving them the opportunity to protect themselves."

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Hawkes said that data breaches should be reported within 24 for 48 hours and that eircom’s explanation that it was waiting to find out what data was on the laptops before notifying people was "not acceptable".

He was said that encryption on laptops that contain personal information is "bog standard security" and that it is "extremely surprising that in two separate incidents eircom laptops were not encrypted."

The Data Protection Commission confirmed it is investigating the incident.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.