| 8.4°C Dublin

37,000 Eir customers face data breach in laptop theft


(Stock photo)

(Stock photo)

(Stock photo)

Some 37,000 Eir customers have been hit by a security breach after a staff laptop was stolen.

The telecoms firm said that the breach happened when an unencrypted device was stolen outside an office at the weekend. Customer data exposed included names, email addresses, phone numbers and Eir account numbers.

However, Eir insists that no financial data was exposed.

The company has reported the incident to gardaí and the Data Protection Commissioner.

"There is no evidence at this time that the data at risk has been used by a third party," said a spokesman for Eir.

"In this case, the laptop had been decrypted by a faulty security update the previous working day, which had affected a subset of our laptops and was subsequently resolved."

A decrypted laptop is easier to break into than a properly encrypted one.

However, the laptop was said to be password-protected, meaning that a thief who is not tech-savvy would find it difficult to hack.

"Eir treats privacy and protection of all data extremely seriously and our policy is that all company laptops should be encrypted as well as password protected," said the spokesman.

"We have initiated a programme to contact those customers whose data may be at risk. This is a result of the theft of one laptop, which was stolen offsite.

7 Things: Adrian Weckler on Tech

Tech’s stars and turkeys rounded up and served to you every Friday by Ireland’s No. 1 technology writer.

This field is required

"No other personal or financial data relating to customers was stored on the laptop in question."

The laptop was stolen 10 days ago, with letters and emails going out to affected customers today.

Those affected were consumer and small business customers.

"If Eir customers need further information relating to this, it is available at www.eir.ie/customer-announcement," said the spokesman.

Under new European GDPR rules, companies can face higher fines and punitive action for losing or misusing customer information.

However, the rules state that early notification to data protection authorities and those potentially affected are regarded as good practice which can offset possible regulatory punitive action.

Most Watched