A LAPTOP stolen from Bord Gáis last year which contained personal data on 93,000 customers has not yet been recovered, a Joint Oireachtas Committee heard yesterday.
Bord Gáis chief executive John Mullins told the Joint Oireachtas Committee on Natural Resources that he could not give “100 per cent assurance” that the confidential information on the stolen computer will not fall into the wrong hands in the future. There is no evidence that anyone has tried to access the data since the theft.
One of four laptops stolen last June contained details such as bank account numbers and home addresses of people who had switched their electricity supply from the ESB as part of Bord Gáis’s “Big Switch” campaign. Contrary to the company’s policy, this laptop had not been encrypted. Bord Gáis was advised by gardaí that this was an “opportunistic” burglary, and “not someone looking for data”, said Mr Mullins. Generally stolen laptops are “wiped” of information, and then sold, he said. None of the machines have been recovered.
The State-owned energy supplier has introduced a number of new security measures to address shortcomings identified in a report on the incident published by the Office of the Data Protection Commissioner. It has encrypted all laptops and PCs, and restricted access to customer data on a “need to know” basis. A mandatory information security awareness training programme has also been implemented for staff.
“I can give assurance that we have the best state-of-the-art systems in place to protect customers from assaults,” he said.
By the end of 2009, Bord Gáis had acquired 320,000 residential electricity customers under the “Big Switch” campaign.