OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ekmi message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [Fwd: [Dataloss] Laptop security lapse at BoI shines a light on datasafety]

FYI.  Not that Full-Disk-Encryption would have addressed the
problem if the FDE was not taking advantage of some crypto
module that would lock out the attacker and/or destroy the
decryption key after some unsuccessful attempts.

Arshad Noor
StrongAuth, Inc.

---------- Forwarded message ----------
From: InfoSec News <alerts@infosecnews.org>

http://www.independent.ie/business/irish/laptop-security-lapse-at-boi-shines-a-light-on-data-safety-1359869.html

By Sharon Lynch
independent.ie
April 26 2008

LOSING a laptop can be attributed to just plain bad luck, two can be put
down to carelessness, however, three and four would send anybody's alarm
bells ringing.

But this was not the case at Bank of Ireland earlier this week when it
emerged that four laptops had been stolen from the institution's
investment arm between June and October of last year.

The bank said it was only told six weeks ago that three of its
unencrypted laptops were stolen from cars and another from the branch.

And when it emerged that the laptops had the personal data of 10,000
customers, which were only protected by a password system, a number of
questions were raised about the safety of customer information as well
as the regulation of security systems.

Weak

Owen O'Connor at Information Systems Security Association Ireland
described the bank's IT security procedure as a "very weak'' level of
protection. "If a laptop is unencrypted, a moderately skilled IT person
will be able to access all information on the files," he said.

[..]


[AN] And an update:

http://www.rte.ie/news/2008/0428/boi.html

The number of Bank of Ireland customers affected by the theft of laptops
last year has risen to over 30,000, RT News has learned.

Following futher investigations by the bank, it has emerged that details
of more customers were on the four missing laptops than previously
thought.

Last week, the bank said that medical records, bank account details,
names, addresses and dates of birth of 10,000  customers were on the
laptops.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]