Comments on: Bank of Ireland: Do we look bovered at your data loss? http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/ Invisible people have invisible rights Tue, 31 Jan 2012 15:55:22 +0000 http://wordpress.org/?v=2.8.6 hourly 1 By: Justin Mason http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/comment-page-1/#comment-734881 Justin Mason Wed, 23 Apr 2008 10:19:46 +0000 http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/#comment-734881 I blogged about this on taint.org: http://taint.org/2008/04/22/103400a.html as I noted there, using stolen identity info is part of Petty Theft 101 nowadays. criminals know how to turn names, addresses, RSI numbers, account info, etc. into credit cards, loans, and what have you -- all without any notification to BoI. For the bank to assume that they would be able to tell if a customer was victim to identity theft -- either bullshit or ignorance. I also love the way they raised the installation of "security" products on the laptops, as if a copy of Norton would do any good whatsoever... Agreed that we need breach notification in this country. I blogged about this on taint.org: http://taint.org/2008/04/22/103400a.html

as I noted there, using stolen identity info is part of Petty Theft 101 nowadays. criminals know how to turn names, addresses, RSI numbers, account info, etc. into credit cards, loans, and what have you — all without any notification to BoI.

For the bank to assume that they would be able to tell if a customer was victim to identity theft — either bullshit or ignorance.

I also love the way they raised the installation of “security” products on the laptops, as if a copy of Norton would do any good whatsoever…

Agreed that we need breach notification in this country.

]]> By: James Galvin http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/comment-page-1/#comment-733807 James Galvin Tue, 22 Apr 2008 21:39:16 +0000 http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/#comment-733807 The Clarkson scam is very relevant here - he was a victim of his own cockiness, not realising the damage that people can do when they obtain some of your details. Bank of Ireland are doing the exact same - they say the lost details are not being used for anything illegal; how could they possibly know this? All they can be confident about is that none of the 10,000 BoI accounts have been illegally accessed. Are the security/fraud guys at BoI seriously unable to predict some of the potential illegal scams that could result from this data breach, aside from just withdrawing money from the BoI account? The breach in itself is shocking enough, but BoI's lackadaisical and irresponsible reaction adds insult to injury. The Clarkson scam is very relevant here – he was a victim of his own cockiness, not realising the damage that people can do when they obtain some of your details. Bank of Ireland are doing the exact same – they say the lost details are not being used for anything illegal; how could they possibly know this? All they can be confident about is that none of the 10,000 BoI accounts have been illegally accessed. Are the security/fraud guys at BoI seriously unable to predict some of the potential illegal scams that could result from this data breach, aside from just withdrawing money from the BoI account? The breach in itself is shocking enough, but BoI’s lackadaisical and irresponsible reaction adds insult to injury.

]]> By: Tom Young http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/comment-page-1/#comment-733793 Tom Young Tue, 22 Apr 2008 21:28:13 +0000 http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/#comment-733793 We should call for a resignation, like our counterparts in the UK. This is gross negligence on the part of the management at BOI. Counts: 1. Failure to secure personal data; 2. Failure to have adequate asset tracking in place; 3. Failure to disclose losses in timely fashion to customers; 4. Failure to apply correct corporate governance standards in the organisation; and 5. Failure to display and escalation or management process to highlight what can only be described as a cataclismic screw up and media nightmare on the part of one of Ireland's larges financial institutions. If they claim no case to answer after the Soden episode, then the nation deserves a skin at the highest level. Encryption is a quick win. Seems they were skirting on costs again. Tom We should call for a resignation, like our counterparts in the UK. This is gross negligence on the part of the management at BOI.

Counts:

1. Failure to secure personal data;
2. Failure to have adequate asset tracking in place;
3. Failure to disclose losses in timely fashion to customers;
4. Failure to apply correct corporate governance standards in the organisation; and
5. Failure to display and escalation or management process to highlight what can only be described as a cataclismic screw up and media nightmare on the part of one of Ireland’s larges financial institutions.

If they claim no case to answer after the Soden episode, then the nation deserves a skin at the highest level.

Encryption is a quick win. Seems they were skirting on costs again.

Tom

]]> By: Moves on Data Privacy | Dave Kelly :: Blog http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/comment-page-1/#comment-733513 Moves on Data Privacy | Dave Kelly :: Blog Tue, 22 Apr 2008 16:20:23 +0000 http://www.mulley.net/2008/04/22/bank-of-ireland-do-we-look-bovered-at-your-data-loss/#comment-733513 [...] Bank of Ireland: Do we look bovered at your data loss?, Damien Mulley Written by Dave, on April 22, 2008 at 10:43 am; Tagged as Privacy __(and tagged) Bank of Ireland, Data privacy, Privacy. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL. « links for 2008-04-15 [...] [...] Bank of Ireland: Do we look bovered at your data loss?, Damien Mulley Written by Dave, on April 22, 2008 at 10:43 am; Tagged as Privacy __(and tagged) Bank of Ireland, Data privacy, Privacy. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL. « links for 2008-04-15 [...]

]]>