Important Customer notification from eir

eir has reported a data breach of personal details for up to 37,000 customers to the Data Protection Commissioner. The data consists of names, email addresses, phone numbers and eir account numbers. This is a result of the theft of one laptop, which was stolen off premises. No other personal or financial data relating to customers was stored on the laptop in question.

Other useful information and promotions explained

What happened?

An eir laptop containing personal data for a number of our customers was stolen from a public location. The laptop was password protected but not encrypted. While we believe that data is typically wiped by thieves in these situations in order to sell the laptop, it is possible that the data could be exposed.

How many customers/applicants/people are affected?

We estimate that up to 37,000 eir customers could be affected. 

Could this potentially affect all eir customers?

No the vast majority of customers are not impacted by this issue. If you do not receive correspondence from us regarding your account then you are not affected.

Which of my personal details could have been on the laptop?

If you received an email or letter from eir then some or all of the following information could have been on the laptop: customer name; email address; eir account number; or contact number.

Was there any financial data on the laptop?

No.

Could someone access my eir account if they had this information?

No. Our data protection rules are very rigorous but if you are concerned about the security of your account, you can add an additional security question to your account.

What is eir’s data retention policy?

Data retention policies depend on the type of data and how we use it. When we make a decision what data to keep we consider the information we need to best provide our customers with our products and services, to help us manage our relationship with our customers, and to make sure we meet our statutory obligations. We retain active customer data for as long as the customer remains with us. For those that leave us, we will eventually destroy that data in line with our retention policy.

How are you contacting customers? (telephone, email etc.)

Customers will receive an email, and in the case we do not have a valid email address for the customer they will receive a letter or a phone call where appropriate.

Is eir reviewing its security policy in light of this incident?

eir treats privacy and protection of all data extremely seriously and our policy is that all company laptops should be encrypted as well as password protected. In this case the laptop had been decrypted by a faulty security update the previous working day.

We are reviewing our IT and data protection systems and policies to ensure a situation like this cannot happen again.