My predicition: The Data Protection Commissoner will “investigate” and do sweet fanny adams. Which apparently is their job really. The same Data Protection Commissioner that did nothing when Talk Talk harassed people for weeks. They said they did wrong but it was the first time so they let them off. The same Data Protection Commissioner who said there was no data loss when the Blood Transfusion Service lost 170,000 records. See the records were encrypted so that’s fine. Not like encryption can be broken. If it really was encrypted.
So now we have 10,000 records that contain financial details, medical records, names, addresses. Gold for someone that wants to assume your identity and siphon money from your accounts. Hell, depending on your medical history, they could blackmail you too. But Bank of Ireland says nothing was accessed and nobody was conned, so move along here. Uhm. You only told the public yesterday, how do you know the data wasn’t used for another con?
The spokesman said there was no evidence of any fraudulent or suspicious activity relating to any of the 10,000 customers’ accounts since their records were stolen.
Actually, the DPC were informed but BOI says they’re just wanting to hear how things go, wow, proactive:
The spokesman denied reports that the data protection commissioner and the financial regulator were investigating the bank’s loss of customers’ records.
However, he said that both regulators had asked to be kept informed of the bank’s investigation into the matter.
Update: Seems the DPC is investigating now.
Remember when Clarkson got scammed?
It’s time for Data Breach Notification laws here. We can’t let banks and comapnies decide whether to tell us or not about these breaches.