Bank management kept in dark about laptop thefts
Senior management at Bank of Ireland were unaware for several months that four laptops carrying information on 10,000 customers had been stolen, it emerged tonight.
Even though the computers holding names, addresses, medical backgrounds and bank accounts details went missing up to 10 months ago, a high-level internal investigation only began in February.
Bank of Ireland insisted management sought to establish the full facts on the thefts and recover customers’ details before contacting the Financial Regulator last week.
“Our key priority is to reassure our customers. We certainly would not want to go to customers or the Regulator without the full facts,” a bank spokeswoman said.
It is understood the bank has identified a breakdown in communications for the delay.
The Regulator was told of the thefts last Thursday and the bank informed the Data Protection Commissioner on Friday and was planning to begin notifying customers.
Bank of Ireland Governor Richard Burrows put delays down to an internal bungle.
He said: “It’s an extremely embarrassing and very unfortunate situation.
“I’m horrified. There has been a very serious internal lapse and we have an investigation under way to find out why it was so.”
The Governor said an internal inquiry revealed three of the laptops were taken from cars and the fourth was stolen either from an employee’s home or branch and no fraud had been attempted on any account. The thefts occurred between June and October last year.
He said any customer who loses money as a result of the theft will be compensated.
Bank of Ireland said the thefts affected customers at the Drogheda, Dunleer, Bagnelstown, Court Place Carlow, St Stephen’s Green, Tallaght and Montrose branches.
Joe Meade, the Financial Services Ombudsman, said affected customers could be in line for compensation.
“If anybody feels they have suffered a loss or damage and have not been compensated or treated fairly by the Bank of Ireland, then they have a right to make a complaint to me,” the Ombudsman said.
“I will review all matters and decide if compensation will be paid or not.”
Under data protection rules Bank of Ireland could face fines up to €100,000 if the company was taken to court over the security breach.
But it is understood the bank has not broken any rules under the Data Protection Act.
The Financial Regulator said the thefts were being dealt with under data protection rules and it will co-operate with the investigation.
“Any failures which impact negatively on consumers are of particular concern,” it said.
Simon Coveney, Fine Gael communications spokesman, called for the Data Protection Commissioner to be given more powers.
“What we need to do is ensure that all organisations who deal with sensitive personal information must adhere to rigorous procedures in their use of this data,” Mr Coveney said.
Joan Burton, Labour Party deputy leader, said the bank’s failure to notify affected customers was unacceptable.
“There was little or no provision made by the bank to inform the affected customers about the thefts, and one is tempted to suggest that only when the media got hold of the story, did the bank make arrangements to contact the customers,” Ms Burton said.
“The arrangements made by the bank to protect customer information, were clearly inadequate.”
CONNECT WITH US TODAY
Be the first to know the latest news and updates
