Bank of Ireland laptop theft: Is XP username and password safe?

W

Whiskey

Registered User
Messages
105
On the news today was information about the theft of some bank of Ireland laptops. Some of the laptops had sensitive information.

It doesn't say what operating system the laptops used.

If it is XP, and a login is required to run windows, then the people who stole the laptops would not be able to access any data on the machine.

Am I correct ?

I've got an XP work laptop, I can't access windows without a username and password. I must log on to a domain, or as administrator to my own machine.

My question is, is it possible to access information on the hard drive of an XP laptop which requires the user to log on to the system ?
 
Re: Bank of Ireland laptop theft

Yes, it is easy to get around the password. The data must be encrypted on the disk, which it was not. BTW it only takes a couple of mouse clicks, to enable the encryption.
 
Re: Bank of Ireland laptop theft

It may take a whole 5 minutes to bypass the windows login password (if I had a cup of coffee in the middle).....
 
Re: Bank of Ireland laptop theft

For anyone who's interested these are the effect branches effected
The information on the computers includes names, addresses, bank account details and medical records of customers at branches in Drogheda, Dunleer, Bagnelstown, Court Place Carlow, Stephens Green, Tallaght and Montrose.
Click to expand...
 
Re: Bank of Ireland laptop theft

jhegarty said:
It may take a whole 5 minutes to bypass the windows login password (if I had a cup of coffee in the middle).....
Click to expand...

May I ask how.

I've got an XP laptop, and if I forget my username and password, then I can't enter windows.
It's says "incorrect username and password" ! So I'd need to call my company helpdesk, and they would reset it !!

Are you saying there is a "backdoor" username and password which works with all XP systems ??

I always was of the belief that if my laptop were stolen, nobody could enter into windows.......I'm obviously wrong.......hopefully someone will enlighten us as to what possible techniques might be used to get data from the hard drive of a password protected xp system.
 
Re: Bank of Ireland laptop theft

I think that companies and the authorities should suppress news of laptop thefts involving loss of confidential data. Media reports which emphasise the potential risks of identity theft etc merely incentivise thieves to exploit these risks by passing stolen laptops to specialist criminals, who might hope to profit from misusing the data on the laptops. The type who happens to "find" laptops every so often and sell them on for €20 or €30 will now be motivated to up the ante.
 
Re: Bank of Ireland laptop theft

Whiskey said:
May I ask how.
Click to expand...
Boot using one of the many bootable LINUX os and you'll be able to see the hard disk mounted and will have full access to the data on the disk.

Boot takes around 2 minutes.

There are many ways to access the disk, reinstalling XP in a new location will give you the data also but will take a little longer.
 
Re: Bank of Ireland laptop theft

Bluetonic said:
Boot using one of the many bootable LINUX os and you'll be able to see the hard disk mounted and will have full access to the data on the disk.

Boot takes around 2 minutes.

There are many ways to access the disk.
Click to expand...

As Bluetonic said , linux boot disk.... don't really want to go into more detail than that
 
Re: Bank of Ireland laptop theft

ubiquitous said:
I think that companies and the authorities should suppress news of laptop thefts involving loss of confidential data.
Click to expand...

Seems like BOI think the same way as it took them nearly a year to report the theft to the Data Protection Commissioner.

It beggers belief that BOI don't encrypt all data held on laptops, this doesn't require hindsight; it is basis security. Do they still have an IT department or did they manage to misplace it during the outsourcing!

Though I suppose if they don't allow encryption on their laptops it's harder for the workers to hide their porn which is a purely executive perk within BOI!
 
Re: Bank of Ireland laptop theft

ubiquitous said:
I think that companies and the authorities should suppress news of laptop thefts involving loss of confidential data.
Click to expand...

I have heard of other large 'loses' on the grape vine which have never made it into the public domain. It must be the Montrose connection which got it into the news

Askalot,

AFAIK there are no PC staff left in BOI, but I assume they must have kept on some of the key mainframe staff.!!!
 
Re: Bank of Ireland laptop theft

The governor of the Bank of Ireland has said he is “horrified” by the theft of four laptops containing confidential information of 10,000 customers.

I'm horrifed that after the first theft in June that no encryption was done on the other laptops! it's all very well for BOI to state they are monitoring these peoples accounts for anything untoward but what about other financial institutions? with all the detail on the laptops the thiefs could be applying for quite a number of credit cards from other banks. someone in BOI should be sacked for this but they won't.
 
Re: Bank of Ireland laptop theft

Just makes the new entrants to the market look better. Maybe its a good thing that this has come out.

I'd say that BOI is no better or worse than PSB or AIB, they are used to having it easy.

I'm hoping BOI get nailed for this more power to the Data Commissioner.

http://www.dataprotection.ie/docs/Home/4.htm

 
Last edited by a moderator:
Re: Bank of Ireland laptop theft

it would seem that when the laptops were stolen higher authority was not advised...i think the phrase used was that it was not escalated. this begs the question if the parties concerned had to seek a new laptop why was it not discovered then. the fact that the thefts occured over a wide area might suggest it was not the first time. again i dont think bank of ireland has confirmed that it did not happen before.
 
Re: Bank of Ireland laptop theft


Bank of Ireland dont have an IT Department for Infrastructure and Onsite Services, this is managed by HP.

I cant comment on the rest.
 

I see your point, but there is a further benefit of widely publicising these incidents, in terms of making other IT managers/business owners/directors very conscious of the need to put appropriate security procedures in place.
 
Re: Bank of Ireland laptop theft

I agree. It should also be kept secret that there is money in banks and that vans are used to transit the cash. This would stop robbers from robbing them. Indeed, we could go a little further and keep the internet a secret between just you and me. That would stop all those phishing attacks and stock boilerroom scams.

Why not stop there? Maybe we should have the state take over the media to prevent them giving out information that might be useful to criminals?
 
Would somebody ask the b of I did it pay e4,000
compensation to one customer for one incident of data exposure in 2005?

The Sunday Trib had it buried in an article page 2 business section.

I'm sure the 31,000 customers would be most interested in the response.
 

How do we know your not the one with the laptops? Im a member of the BOI and i just hope that they had a much more rigid security measure in place rather than XP. Have they no responsibilities in these large bulti billion euro enterprises. They should pump some of that money into protecting its members...shame on them.
 
You must log in or register to reply here.
Menu
Log in
Register