380,000 pensioners’ details were on that missing laptop

So RTE says that laptop which was actually nicked/lost last year had 380,000 social welfare records on it. Holy shit.

Adrian will no doubt say that the data will never be accessed so it’s nothing to worry about. A granny in Kerry probably has the data, right?

While a junkie indeed might see a laptop valued at 50 quid and sell it on, where it ends up is another thing. Criminals are getting far more sophisticated in these matters as can be seen by the daily phishing attacks on banks, paypal and eBay in Ireland. There are enough gangs of criminals in Ireland into credit card theft and cloning now. Look at the Irish retailer website that got done over. It transpires that the criminals who had the credit card details waited months before trying out siphoning money from the cards.

I think I’d be more concerned with the data on that laptop than the fact that there are eircom modems in use by businesses. Which if cracked into could lead clever criminals to crack other passwords that may eventually lead them into gaining access to point of sales systems. That’s if the POS systems are connected to the same network as wireless modems. And no encryption is used for transmitting credit card details to the verifying server.

I’d be wondering why it took 16 months for this monumental fuck-up to be disclosed. Why are people are only being informed now? Why are banks are only being involved now? Why so long? Why was it not deemed a priority and why is it now an issue if it wasn’t for 16 months?

I’d also wonder how long the Data Protection Commissioner knew of the extent of this information? A few days, weeks, months, a year?

Other views: Brian, Digital Rights Ireland.

8 Responses to “380,000 pensioners’ details were on that missing laptop”

  1. Why do they put important shit on laptops? Shouldn’t it be on something a bit less portable?

  2. Brian Kenny says:

    I’d put the timeframe down to the deseperate sweeping under the rug measures.

  3. Brian Honan says:

    Damien

    I have long been an advocate for the introduction of mandatory data breach disclosure laws similar to those already in place within the United States. This means that once an organisation discovers it has suffered a data breach or data loss affecting personal information belonging to individuals then that organisation should notify those people affected. While we do have strong Data Protection legislation in place it is not possible for the Data Protection Commissioner to police every single organisation to ensure that they are taking the most appropriate steps to protect the personal data entrusted to them.

    Some companies have handled data breaches well, for example the Irish Blood Transfusion Board and Jobs.ie. However it appears that these are in the minority and this breach is an example where we are now only learning about the incident which occured last year. We no longer can depend on organisations to self regulate themselves and “do the honourable thing”. The government needs to take this bull by the horn and introduce legislation that will ensure organisations take their responsibilities of managing people’s private details seriously.

  4. Conor says:

    The wireless security on those eircom netopia routes is horrible.

    I remember generating a WEP code for my router at home and then doing the same for my friend who lived down the road and believe it or not they came out the same.

    I went out and bought a ZyXEL router in Dixon’s the next day.

  5. 73man says:

    Two questions:

    Why would an official need that many records on their laptop for use off-site?

    What’s going to be done to prevent state employees from taking so many records offsite?

  6. Mike says:

    What the fuck is this data stored on fucking laptops. Is it for “convenience” and why is it only being reported now.Data security my arse

  7. Gavin says:

    “16 laptops have been stolen from the office over the last 10 years”

    One would think they would have learned from previous experience and get their notebooks protected.

    Look back over the past month and see how many of these data breaches have occurred across offices in Ireland. Its a serious problem and its only a matter of time until the right criminal gets their hands on that personal data.

    As Brian Honan said the government needs to introduce legislation.

  8. Brian Honan says:

    @73man

    Those two questions need to be asked of all organisations including those in the private sector, just look at the recent Bank of Ireland losses of four laptops. In my line of work it is unfortunately a common theme across most companies that they either don’t know where all their data is or indeed how it is protected.