Irish Telecommunications company eir has revealed that almost 37,000 of its customers have been impacted by a General Data Protection Regulation (GDPR) breach which occurred following the theft of a staff laptop.
The laptop, which was unencrypted, was stolen outside an office last weekend aocording to a statement released by eir. The company also revealed that no financial data has been endangered due to the breach. However, some customer data was affected including names, email details, phone numbers and the account numbers of customers. The incident has been reported to the Irish Data Protection Commissioner in line with GDPR, the new data protection legislation introduced by the European Union on May 25 this year.
An eir spokesperson said “There is no evidence at this time that the data at risk has been used by a third party. In this case, the laptop had been decrypted by a faulty security update the previous working day, which had affected a subset of our laptops and was subsequently resolved.”
He added that “Eir treats privacy and protection of all data extremely seriously and our policy is that all company laptops should be encrypted as well as password protected. We have initiated a programme to contact those customers whose data may be at risk. This is a result of the theft of one laptop, which was stolen offsite. No other personal or financial data relating to customers was stored on the laptop in question.”
Despite the device reportedly being an unencrypted laptop it was password-protected, a security measure that would have prevented a non-tech savvy thief from gaining access to it.
Eir has sent letters through the mail today to inform impacted customers of the incident involving the laptop which was being ten days ago.
An official statement which the Data Protection Commissioner released said “Eir has continued to update the Commission on this incident, and the remedial action being taken. As of yesterday Eir reported that out of the 1,484 laptops impacted, 1,438 laptops have been re-encrypted, a further 25 are re-encrypting or awaiting re-encryption and 21 remain unencrypted. Eir also confirmed that it will be contacting the persons affected by the theft. The DPC continues to closely monitor this situation”.