BANK OF Ireland only learned last year of the theft of four laptops containing confidential personal data on 10,000 customers when it asked staff whether any such incidents had taken place at the bank after similar cases emerged in the UK media.
A spokeswoman for the bank said it was told six weeks ago that four laptops belonging to investment advisers with Bank of Ireland Life were stolen between June and October last year. Three laptops were stolen from cars and one was taken from a branch.
She said the bank did not contact the Financial Regulator until last Thursday - six weeks after learning of the thefts - and the Data Protection Commissioner until last Friday as it took "some time" to examine 10,000 accounts and to investigate the incident. Customer names and addresses, as well as account and medical details, were on the laptops.
"We have to satisfy ourselves and we have to have all the information before we go and report on an incident," she said. The thefts were reported to the Garda shortly after they had occurred.
Recent well-publicised incidents in the UK where sensitive personal data went missing prompted the bank to review its own operations, which led to the incidents coming to the notice of management. "It was a trigger for us all to look at our systems," said the spokeswoman. Informing the regulator of the incidents, the bank said it would take two weeks to contact affected customers. Letters would be sent in the coming days, the spokeswoman said.
The Financial Regulator is co-operating with the Data Protection Commissioner's investigation into the incident.
Speaking at the Bank of Ireland's Northern Ireland headquarters in Belfast, the bank's governor, Richard Burrows, said he was "horrified" at the theft of the laptops and said an "internal bungle" was to blame for the thefts only recently coming to public light.
"I am very horrified. It was a very serious internal lapse. We have an investigation under way to find out why it was so," he said.
The bank's head of retail operations, Richie Boucher, is managing the internal investigation.
Mr Burrows said that "the consequences of this will come later".
He said the stolen laptops were not encrypted because it was felt at the time that the passwords system formed perfectly adequate protection. "We are now moving to encryption, which is a recognised means of making information that much safer," he said. The bank has said there is no indication of any customers suffering losses over the stolen laptops.
"Since this came to light, we have been monitoring the accounts of the customers concerned and there has been no evidence of any fraudulent activity or any attempted fraudulent activity on the customers' accounts concerned," said Mr Burrows. The bank would fully compensate any losses incurred as a result of the thefts of the laptops, he said.
Financial ombudsman Joe Meade described the thefts as very serious and said it should serve as a "wake-up call" for everyone in the financial services industry.
He pointed to a number of recent decisions he had made in which financial services companies were fined because private customers' data went astray or was inappropriately disclosed.
Bank of Ireland said customers of seven branches - Drogheda and Dunleer in Co Louth; Bagenalstown and Court Place in Carlow; and St Stephen's Green, Tallaght and Montrose in Dublin - who obtained a quote or took out a life assurance policy with Bank of Ireland Life were affected.
About 400 investment and insurance advisers working with Bank of Ireland Life use laptops and work outside bank branches, visiting customers at their homes or places of business.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VR3765MFOBH2NMV2QNICYDF67M.png)