Experts say Irish Gas Board data loss highlights need for digital vaulting of customer records

Cyber-Ark says Irish Gas Board data loss highlights need for digital vaulting of customer records

June 2009 (Eskenzi PR) - The theft of a laptop containing the bank account details of around 75,000 customers of the Irish Gas Board highlights a serious security procedure failing, rather than an unfortunate incident, says Cyber- Ark, the digital vaulting specialist.

The fact that the data on the laptop - one of four stolen from the Bord Gais offices and adjacent buildings earlier this month - was not encrypted is a very serious issue says Mark Fulbrook, Cyber-Ark's UK and Ireland Director.

"That's bad enough, but best practices in IT security mean that the sensitive customer data shouldn't have been stored on a laptop in the first place – it should have been digitally vaulted or at the very least encrypted locally and accessible only on a need-to-use basis," he said.
"And that need-to-use basis should only be available across the company's network, using authenticated and logged access procedures," he said.

Whilst there is a case for allowing access to customer records remotely, the information should never include customer payment details, and certainly not their bank account information unless through a secure channel with full authentication, encryption and security measures in place such as digital vaulting, he explained.

"But to store customer bank account data unencrypted on a laptop goes against all known IT security procedures. It's a very serious procedural error," he added.

For more on the Bord Gais laptop customer record fiasco: http://preview.tinyurl.com/lcxzup

For more on Cyber-Ark: http://www.cyber-ark.com

<>