Bank of Ireland loses thousands of customer records

Four laptops containing personal details of 10,000 people have been stolen from the Bank of Ireland (BOI). The Data Protection Commissioner in Ireland is investigating the thefts.

Data on the four laptops is not thought to have been encrypted, and BOI will now begin a process of encryption of data on its laptops.

As well as names, addresses and financial details of customers the computers contained some medical records because they were part of the bank's life assurance business.

Though the thefts of the laptops occurred last year between June and October the Data Protection Commissioner was not told until last Friday morning. The Commissioner has launched an investigation.

"The investigation will focus on the justification for the personal data, including sensitive medical data in some cases, being placed on the laptops in the first place, the security arrangements in place and the exact circumstances which led to the delay in the reporting of this matter internally within the Bank of Ireland to the appropriate personnel for the taking of further action," said a statement from the Commissioner.

"Consideration will then be given as to what further action will be sought from Bank of Ireland to ensure that the obligations contained in the Data Protection Acts in this area are met. The Data Protection Commissioner and the Financial Regulator are cooperating on this matter and we will refer any relevant issues to the Financial Regulator," it said.

BOI said that the information concerned people who had taken out life assurance or received a quote at seven branches, which it named.

Financial organisations possess huge amounts of personal data on customers and are amongst the more at risk companies from data theft or loss.

The UK Information Commissioner's Office (ICO) said this week that half of the 28 data security breaches in the private sector that have been reported to it since last November have involved financial services companies.

Earlier this month one of the world's biggest banks, HSBC, lost a computer disc with the policy details of 370,000 people on them in the UK.

Customers lost £3.3m due to failures by Norwich Union to manage customer data effectively. The company was fined £1.26 million by the financial regulator the Financial Services Authority over the 2006 lapse.