I first read about this here in a post by Ach go háirithe last week, and it’s since been covered in the Sunday Business Post here.
And bizarrely, and worringly, Ach go háirithe received a solicitors letter asking that a letter as part of the original post be taken down.
Basically, Airtricity made available on their website the personal and financial details of 1200 of their customers who’d signed up online for their electricty service. Apparently, the incident actually happened in November, but wasn’t noticed until January.
One thing that confuses me is this statement from the SBP article:
Forensic computer analysts have been unable to tell if the data was downloaded or copied.
Surely if Airtricity have any kind of web statistics package, they’d be able to tell immediately how many times the file was downloaded, and even which computers in Ireland, or around the world, were involved? I would find it incredible that a company the size of Airtricity doesn’t have such a web stats package in place**.
I wonder is it the case that they actually do, and consequently do know how many times and where the file was downloaded, and that maybe thats why they’re worried enough to offer fraud protection insurance for 2 years to the impacted customers?
** Edit – The Airtricity website does use WebTrendsLive.com and Google Analytics on their website, so it is quite likely that they know exactly the activity regarding those customers details.