This story just gets worse – now BOI admit they have lost over 31k records. BOI need to answer a few more hard questions openly and honestly in order to stop me from closing my last remaining account with them:
- Is/was it routine for bank employees to bring laptops containing unencrypted data off bank property? Can you guarantee me that your employees never copied data off your laptops onto another machine at home or emailed it via SMTP servers in unencrypted email messages? I don’t really care what official bank policy (meaningless) is, I just want to know if your employees technically could do this.
- If the above is routine, how do they know that only 31k records were lost? After all, you don’t actually have the laptops so how would you know what is on them? Right now trust is gone out the window and you don’t have to give so much information that you would potentially compromise the security of live systems. Technical details on the auditing capabilities of your laptop/mainframe data synchronization tools would be great – just to give me that warm fuzzy feeling.
- If the above is routine, how many of your employees recently sold, dumped or gave away PCs that they might, at one stage, have been editing bank data on while working at home?
- When was the last group hardware audit completed and are any other laptops unaccounted for? Not necessarily stolen, just not where they are supposed to be.
Lastly, and this question stands even if I do close that last account. According to the above-referenced news story:
In the unlikely event of a fraud arising as a direct result of the theft of these laptops, the customer will be fully compensated.
(also stated here though I can’t find an official statement)
What will BOI do if my credit history is destroyed by someone who steals my identity via the data you so kindly made available to them? What if that person is never caught and therefore I can never prove that their data source was the hard drives in those laptops? What was that? Did you say ‘nothing’ or was that ‘prove it’? I thought so.
Data is such a genie in a bottle, isn’t it?