The Bank of Ireland has admitted that the unencrypted personal details of 31,500 customers - three times as many as previously disclosed - went missing with the theft of four laptops last yea
Instead of around 10,000 customers being affected by the loss of four laptops, 31,500 policies, policy applications and some mortgage customers were affected. The higher number emerged following the early stages of an investigation by the bank.
Calling the laptop loss a “regrettable incident”, the bank said in a statement that the risk of fraud was “very low”, promising compensation if any fraud was identified. It said that so far no fraud had been found.
“The data on the laptops did not include bank account passwords, PIN numbers or copies of signatures,” it added.
It said customers of a number of branches had been affected, and that it would send letters to customers “outlining the type of personal data that was contained on the computer in relation to them”.
The bank said it had taken steps to improve its IT security, including encrypting all laptops in its Life division, which was affected by the thefts. It promised to encrypt all other laptops across the group by the end of May.
Today the Financial Times quoted industry sources as saying the Bank of Ireland is expected to be reviewing its ongoing seven year IT services contract with HP, which it signed in 2003 for approximately £300 million.
The Office of the Data Protection Commissioner is due to visit the offices of the Bank of Ireland on Thursday in relation to its own investigation.