An Irish life and pensions company admitted that it may have lost the personal details of about 50,000 current and former customers following a lost tape.
According to the Irish Times, Phoenix Ireland said that the ‘possible' data loss could also affect a small number of people who contacted the company when it was Scottish Provident Ireland, but did not take out a policy.
The report said that the unencrypted data included customers' names, addresses and bank account details. A spokesperson said that it viewed this risk as ‘low-level' as it had been advised that it would be extremely difficult to distil information from the tape as it was not labelled ‘Phoenix'.
A spokesman also said that it is not convinced that the tape was ever actually created; it just knows that it did not arrive when it should have been sent from one office to another.
Edy Almer, vice president of product management at Safend, said: “The only thing with this is that a backup tape is slightly less dangerous than a USB or laptop as you would not steal this in the first place. You need to know more about IT to access a tape but you can find and get data out of a laptop.
“So it is slightly less dangerous but not for the people receiving the notification. On the other side of the coin, a backup tape has a lot of data that can be important to an organisation.”
Andy Cordial, managing director of Origin Storage, said: “This is a large-scale data breach that, given Ireland's population, probably ranks as one of the largest in the Republic's history. The case will cost the company money in several ways, not least when the Irish and UK data protection authorities get more involved."
Dave Everitt, general manager for EMEA at Absolute Software, said: “The fact that Phoenix Ireland doesn't even know whether it lost this data in the first place is completely unacceptable. It is yet more proof that companies have to ensure they can keep track of their data at all times, regardless of what format it's stored in or whether it's at rest or in motion.
“Modern businesses should look at every available option including encryption, asset management and theft recovery solutions to make sure they're not risking their customers' data. Sending out the kind of letters received by Phoenix Ireland's customers in the last few days must be a CEO's worst nightmare.”