37,000 customers of Irish Telecommunications company eir have had their private personal data impacted due to a General Data Protection Regulation (GDPR) breach which happened due the theft of an employee laptop.
The laptop, which was not encrypted, was taken from an office last weekend according to a statement released by eir. The company also revealed that no financial data has been placed in danger as a result of the breach. However, some customer data was impacted including names, email details, phone numbers and the account numbers of customers. The incident has been made known to the Irish Data Protection Commissioner in line with GDPR, the new data protection legislation introduced by the European Union last May.
A representative for eir said: “There is no evidence at this time that the data at risk has been used by a third party. In this case, the laptop had been decrypted by a faulty security update the previous working day, which had affected a subset of our laptops and was subsequently resolved.”
He went on to say that: “Eir treats privacy and protection of all data extremely seriously and our policy is that all company laptops should be encrypted as well as password protected. We have initiated a programme to contact those customers whose data may be at risk. This is a result of the theft of one laptop, which was stolen offsite. No other personal or financial data relating to customers was stored on the laptop in question.”
Even though the device is believed to have been an unencrypted laptop it was password-protected, a security measure that would have stopped a non-tech savvy thief from obtaining access to it.
Eir has sent out notification letters to inform impacted customers of the incident involving the laptop which was stolen ten days ago.
The Data Protection Commissioner released an official statement which which stated: “Eir has continued to update the Commission on this incident, and the remedial action being taken. As of yesterday Eir reported that out of the 1,484 laptops impacted, 1,438 laptops have been re-encrypted, a further 25 are re-encrypting or awaiting re-encryption and 21 remain unencrypted. Eir also confirmed that it will be contacting the persons affected by the theft. The DPC continues to closely monitor this situation”.