10,000 customers affected after four B of I laptops are stolen

BANK OF Ireland is to write to over 10,000 of its life assurance customers after laptops containing their confidential personal and financial details were stolen.

The four laptops belonging to Bank of Ireland Life were stolen at various dates last year, but the data protection commissioner and financial regulator were informed of the thefts only last Friday.

None of the stolen information was encrypted, although lesser forms of security, such as password protection, were in place.

This means that the information on the laptops could be easily accessed by a computer professional.

The information on the computers includes names and address, financial details and some medical records of the bank's life assurance customers.

Since it learned of the thefts, the bank has started a programme to encrypt the information stored on all 5,000 of its staff's laptops.

A bank spokesman said the staff whose laptops were stolen had informed "the appropriate authorities" in the bank only "in the past number of weeks", and the bank had then moved to inform the appropriate regulators.

The spokesman said there was no evidence of any fraudulent or suspicious activity relating to any of the 10,000 customers' accounts since their records were stolen.

He added that a full internal investigation had been ordered into the matter, and the affected customers would be written to shortly.

The four laptops were stolen from different staff members between June and October last year.

It is believed one laptop was taken from a Bank of Ireland branch, while the other three were in cars when they were stolen.

The spokesman was unable to explain why all four thefts came to the attention of the bank in recent weeks, months after they had actually occurred.

It is thought some form of internal audit may have resulted in the disclosure of the information.

In a statement, the bank said it regretted any concerns that the incident would cause to customers.

It said it was committed to moving as quickly as possible to allay these concerns.

The spokesman denied reports that the data protection commissioner and the financial regulator were investigating the bank's loss of customers' records.

However, he said that both regulators had asked to be kept informed of the bank's investigation into the matter.

Earlier this year there was controversy when a laptop belonging to the Irish Blood Transfusion Service, and containing the personal details of over 170,000 blood donors, was stolen in New York.

However, this information, unlike the records now stolen from Bank of Ireland Life, was encrypted.

At the time the data protection commissioner said the fact that the data was encrypted was a source of reassurance that it would not be misused.

© 2008 The Irish Times

This article appears in the print edition of the Irish Times