Notice to Customers re Missing Laptop


Print page

Key Facts

  • The Department was informed by the Office of the Comptroller and Auditor General on 1st August 2008 that one of its stolen laptop computers contained personal and payment information
  • relating to certain Social Welfare customers.
  • According to the C & AG (Comptroller and Auditor General) the laptop was stolen in April 2007 and contained approx 380,000 records
  • The C & AG was conducting an audit of payments on specific schemes for periods in 2005.
  • We are working with the C & AG to identify the cases involved.
  • We will be writing to each of the customers concerned in the next two weeks.

Schemes affected?

The information on the laptop related to customers in receipt of the following payments:

  • Blind Pension, One Parent Family Payments, Orphans' Contributory Pension, State Pensions (Old Age and Retirement), Widows' Non-Contributory Pension only during 2005.
  • Jobseekers (Unemployment) in Kilbarrack in February 2004, Newbridge in September 2004, and Cobh in October 2004.
    and
  • a very small number of customers who received Bereavement, Carers and Invalidity during 2005.

Customers can contact the Department at

Freephone 1800 690 590 (9am to 6pm) (Republic of Ireland Only)

Telephone 00 353 1 4715810 (Outside the Republic of Ireland)

email helpline@welfare.ie

Write to PO BOX 12000, Dublin 1

Questions?

  1. How many customers are affected?
  2. Does it affect new customers after 2004/2005?
  3. If a person was in receipt of any of these above payments at that time what information was on the laptop about them?
  4. Was the information encrypted?
  5. What other services can be accessed if someone had my data from this laptop?
  6. How could this information be used?
  7. What can a customer do to establish if the information has been used inappropriately or fraudulently?
  8. What has or is being done to ensure that this will not happen again?
  9. How can we be sure that data will be safeguarded?

1. How many customers are affected?

The C & AG have indicated that a maximum of 380,000 customers details were on the laptop. 106,000 of these records would have contained bank account details as customers were paid benefits directly into their accounts.

Details of number of records on C&AG missing laptop
 Scheme Records  Pay Month 

 State Pensions (Old Age/Retirement)

 295,000

April 05 

 One Parent Family Parent

 63,00

January 05

 Widow's Non-Contributory Pension

 15,000

 April 05

 Orphans' Contributory Pension

 800

 April 05

2. Does it affect new customers after 2004/2005

Customers who claimed or were put into payment after 2005 are not affected. Customers at the three Social Welfare Local Offices who claimed payments after October 2004 are not affected.

3. If a person was in receipt of any of these above payments at that time what information was on the laptop about them?

The following details were contained on these files

  • Name
  • PPSN
  • Address
  • Pay Amount
  • Bank Details:
    -Last four digits of sort code (normally 6)
    -Bank account number
  • Personal Information
    -marital status
    -birth date
    -payment method & payment location codes
    -free scheme indicators (Y/N for Household Benefits)
    -award date

4. Was the information encrypted?

The information provided to the Office of the C & AG was provided in a standard coded format, however it is understood that this was decoded by the C & AG office. The C & AG office has confirmed that the laptop was password protected, however, the information contained on the laptop was not encrypted. .

5. What other services can be accessed if someone had my data from this laptop?

To our knowledge no services are provided to any individual presenting only that data. Additional evidence of identity is always be sought for example PIN Number, photographic ID, signature, mother's birth surname, nationality.

6. How could this information be used?

A period of 16 months has elapsed since this theft occurred and there is no evidence that customer information has been misused or compromised in any way. In order to access services it is normal practice for additional evidence of identity, such as photographic ID, signature, mother's birth surname to be sought.

7. What can a customer do to establish if the information has been used inappropriately or fraudulently?

It is unlikely that this information has been used inappropriately as the data was stolen in April 2007, however, if bank details were included you should check your bank statements for any unusual activity. If you notice any unusual activity, you should report the matter to your financial institution and write to the Department at PO Box 12000 Dublin 1.

8. What has or is being done to ensure that this will not happen again?

All bulk personal data is encrypted before it is transmitted to external agencies e.g. banks/post offices. The Departments policy is that no sensitive data is to be downloaded to laptops, and in the exceptional circumstances where this is required the data must be encrypted.

9. How can we be sure that data will be safeguarded?

It is the Department’s priority to safeguard data and there are a range of measures in place to ensure that customer data is safe. The Department has an ongoing process of reviewing and strengthening the safeguards regarding the use of personal data. We are also putting in place protocols with the C & AG and other users of our customer data covering access to, use of and storage of personal data.

Last modified:29/09/2008
 

 Intreo/Local Office Locator

 
Search for your local office
img