News

Non Flash Content - Children running through a field of corn

Statement from Bord Gáis Energy on Laptop theft

17.06.09

Bord Gáis Energy can confirm that a burglary took place on Friday, 5th June in one of its Dublin offices. During this incident four laptops were stolen, one of which contained customer information and bank details for 75,000 Bord Gáis Energy electricity customers. A number of adjacent offices were also burgled at the same time. The Gardaí and the Data Protection Commissioner were immediately informed and a full investigation is continuing.

As the Gardaí pursued enquiries, Bord Gáis Energy, on the basis of a risk assessment, did not publicise the incident as it may have hampered the investigation. Since the burglary Bord Gáis has worked closely with the Gardaí, the Data Protection Commissioner and the Irish Banking Federation.

Over the coming days, Bord Gáis Energy will be in direct contact with all affected customers.

Laptop Theft Q&A
What customers are affected?

This affects customers who applied to switch to Bord Gáis Energy for residential electricity before Friday 29th May 2009 inclusive and had opted to pay by direct debit.

What has happened?

A burglary took place on Friday, 5th June in one of Bord Gáis Energy’s Dublin offices. During this incident four laptops were stolen, one of which contained customer information of 75,000 customers Bord Gáis Energy residential electricity customers.

What action has Bord Gáis Energy taken to address the situation?

Bord Gáis Energy is taking this breach of security very seriously and a team has been set up to deal with the situation. A full investigation is currently underway, we are working with the Data Protection Commissioner, the Gardaí, the Irish Banking Federation and other security experts. We have reviewed our laptop encryption programme and can confirm all laptops are now fully encrypted.

What information was stolen?

The information on one of the stolen laptops contains names, addresses and bank account details of the affected customers.

What information was on the laptops?

Of the four laptops stolen, one had hard drive encryption and the remaining three had sophisticated password protection. One of the laptops with password protection contained the details of Bord Gáis Energy’s residential electricity customers who pay via direct debit.

How is Bord Gáis Energy responding to this incident?

We will be writing to all of the affected customers informing them of this breach in security, letters will be sent out this Friday, 19th June.

Who should we expect to hear from Bord Gáis Energy?

Only customers whose information has been affected will be contacted.

If I am affected, when should I expect to hear from Bord Gáis Energy?

We are currently processing the letters and they will arrive at customer’s homes early next week (commencing 22nd June 2009)

What is the likelihood this information will be misused?

Typically in incidents involving the theft of a laptop it is completely cleaned and sold on within 24 hours. We have been reliably informed that there has not been any case in Ireland where data that was contained on a stolen or lost laptop has been used fraudulently, and because of this we believe the likelihood of the information being misused is minimal.

Why has it taken you so long to inform your customers / public?

Bord Gáis has been working very closely with the Gardaí and the Data Protection Commissioner since the theft. It was the advice of the Gardaí not to alert members of the public about the theft initially as this would affect their investigation and they were following up enquiries. As 12 days have passed since the theft and with the approval of the Gardaí and Data Protection Commissioner, Bord Gáis is now informing their customers of this breach in security.

Why were the laptops not in a secure location?

The laptops were being used on a day-to-day basis and were left in locked offices overnight.

Were the laptops not encrypted?

All of the laptops had levels of security on them – however only one of them had hard drive encryption – the remaining three had password protection.

Who do I contact now?

Contact us for further information.

Should I contact my bank?

We recommend that having viewed your bank account if you are concerned by any unusual transactions please contact your bank branch to advise them of the situation and follow any advice they may give.