Loss of bank data ‘not a major incident’
But according to industry experts, the information contained on the device could be used to defraud bank customers and access their accounts.
However, deputy DPC Garry Davis said yesterday that it was most likely that the device was lost within the confines of the bank itself and not the product of a theft or fraud.
“We do not see this as a major data loss incident,” said Mr Davis. “It is most likely a one-off incident, against both the policy of the bank and of the Data Protection Commissioner. I feel the bank has been unfairly targeted and the loss is not worth more than a byline in a newspaper.”
In a statement, the bank said that most of the 894 customers whose details were on the mislaid device have been contacted.
The bank says that no financial information relating to the customers was stored on the memory device.
But risk experts say that a name, a contact phone number and the first line of a customers address provides more than enough information for someone who wants to carry out identity theft.
According to Conor Flynn of RITS, Information Security consultancy, “The banks are trying to play down the sensitivity of the information lost. But these are the building blocks that a fraudster would try to use to perpetrate some kind of fraud against an individual to try and access their financial records.”
“If I was interested in identity theft, the first thing I would do is look up a phone book, see if I could find this person’s name and address and take it from there.”
The customers were from all parts of the country with various relationships with the bank, including pension, life insurance, mortgages, personal accounts and business customers.
However, Mr Davis, said: “None of this is about defrauding.
“I have received an interim report from the bank and await a written one, but we do not regard this as a major incident. The chances are that the only way this information could be used is by picking up a phone, so we would advise anyone who receives a call not to give out any personal information. In the meantime, we are awaiting full details about how a Bank of Ireland staff member had this information on an unencrypted device.”
Bank of Ireland says that a full internal investigation is underway, but it has no reason to believe that the memory device has fallen into the wrong hands.
Last April, the bank disclosed that four Bank of Ireland laptops were stolen last year. They contained the details of 31,000 life insurance customers.
Separately, the personal details of 380,000 social welfare recipients were on a laptop computer which was stolen from a member of staff at the Comptroller and Auditor General’s office in April 2007.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
