The personal information of almost 1000 bank customers has been lost by an employee of Bank of Ireland, after the data was copied onto an unencrypted USB memory stick.
In the latest security blunder to befall a bank, details of 894 customers’ accounts, phone numbers and addresses were wrongfully copied onto a portable flash drive which was subsequently lost. In the wrong hands, the information could provide criminals with some of the essential stepping stones to committing identity theft.
Bank of Ireland says it has informed most of the people affected by the data breach, and will monitor their accounts for unusual activity.
That’s all very well – but this security lapse should never have happened in the first place. With proper checks and measures in place, it should have been possible to control access to the memory stick and ensure that any sensitive data copied to it remained encrypted.
Sadly it seems the message about the need for greater care over the transport of sensitive data just isn’t getting through to some businesses – or at least that workers cannot be trusted to follow security guidelines and policies.
If you cannot enforce a policy across your workforce then there is the risk that your employees are putting the reputation of your company directly into the firing line.