August 24, 2018
Irish Telecommunications firm eir has disclosed that nearly 37,000 of its clients have been impacted by a General Data Protection Regulation (GDPR) breach which happened after the theft of a staff laptop.
The laptop, which was unencrypted, was stolen outside an office last weekend according to a statement issued by eir. The firm also disclosed that no financial data has been compromised because of the breach. Nevertheless, some customer data was affected including names, phone numbers, electronic mail details, and the account numbers of clients. The occurrence has been informed to the Irish Data Protection Commissioner according to GDPR, the new data protection law launched by the European Union on May 25 this year.
An eir representative said “There is no proof at this time that the data at risk has been used by a third party. In this instance, the laptop had been decrypted by a defective safety update the preceding working day, which had affected a subset of our laptops and was then resolved.”
He added that “Eir treats secrecy and safety of all data very seriously and our policy is that all business laptops must be encrypted as well as password safeguarded. We have started a program to get in touch with those clients whose data might be at risk. This is a consequence of the theft of one laptop, which was stolen offsite. No other private or financial data relating to clients was stored on the laptop in question.”
In spite of the device reportedly being an unencrypted laptop it was password-protected, a safety measure that would have avoided a non-tech savvy thief from gaining access to it.
Eir has dispatched letters through the post to notify impacted clients of the occurrence involving the laptop.
An official statement which the Data Protection Commissioner issued said “Eir has continued to update the Commission on this occurrence, and the corrective action being taken. Eir informed that out of the 1,484 laptops impacted, 1,438 laptops have been re-encrypted, a further 25 are re-encrypting or awaiting re-encryption and 21 remain unencrypted. Eir also verified that it will be contacting the people affected by the theft. The DPC continues to closely observe this position”.