Irish mobile phone carrier O2 may have had a breach involving customer data. Or not. It seems they’re not really sure what was on a missing backup tape. And I’m not sure I understand why they first told this summer that a tape went missing in September 2011.
And of course I’m not sure I understand why consumers should be less concerned just because a firm thinks that a tape is still on its premises. If you can’t find something and people had been in and out, how can you be sure it wasn’t stolen?
Update: Brian Honan shares his questions about this breach.
I agree with the sentiments of Brian Honan and also would have liked to see some clear direction from the Data Protection Commissioner.
The articles refer to “may have”, “believes” and “it is possible”. These phrases do not install confidence that they treat data security seriously. Basically it means they don’t have a clue what has happened and to release a statement 5 months on after identifying the loss indicates they are not likely to find it as they would surely have turned over every stone by now.
The data on the tape contains a snapshot from O2’s internal company drives stating it “may have” contained customer information. That means they don’t know. If they can’t state that it DOES NOT contain customer data then it should be presumed it does.
The Commissioner then makes a ridiculous statement stating that as the tape was lost internally customers should not be unduly concerned. This shows they have a complete lack of understanding of the situation as indicated by Brian. If they can’t locate the tape how do they know it is not “in the wild” so to speak.
O2 indicated that they were not aware of any incident since the loss to indicate the information on the tapes has been used. Having said that they don’t really know what information was not on the tape nor could they have any effective monitoring in place to identify any such occurrence.
Having had 5 months to prepare for this release I don’t think they have done a particularly good job on it
From an unhappy current O2 customer.