Allied Irish Bank (AIB) suffered a data breach on 31 August 2017 after an employee mislaid documents while travelling between branches for a meeting. The lost data affected 500 customers, who have subsequently been informed of the breach, as has the Data Protection Commissioner. The letter sent to those affected outlined the incident along with an apology.
The affected data included names, balance details, fee information and internal codes. However, AIB confirmed that the information would not allow third parties to access customer accounts, as contact details and addresses were not included.
AIB issued the following statement after the mislaid data was recovered:
“The mislaid documentation was located on the evening of the 12 September when a business owner in Galway contacted AIB to inform us the documentation was handed in to his premises on the day it was mislaid.
“All information has been retrieved. The Data Protection Commissioner has been informed. Customer contact commenced yesterday and is well advanced.”
Although the lost data was recovered, the question being asked is whether that data should have been shared securely on an internal system rather than carried by an employee as a hard copy.
When dealing with confidential and sensitive information, employees need to be aware of internal security policies and procedures as well as information security best practice.
Reduce your security risk exposure with information security staff awareness training
Rolling out a comprehensive staff awareness programme will give employees a clear understanding of their compliance requirements, your organisation’s security policies and procedures, and basic knowledge of information security best practice to reduce preventable mistakes.