Skip to comments.UK: Personal data of a million bank customers found on computer sold on eBay for £35
Posted on 08/26/2008 3:25:17 AM PDT by TigerLikesRooster
Personal data of a million bank customers found on computer sold on eBay for ?35
By Dan Newling
Last updated at 11:03 AM on 26th August 2008
Personal details of more than a million bank customers have been found on a computer sold on eBay.
Highly sensitive information on American Express, NatWest and Royal Bank of Scotland customers was stored on the machine's hard drive.
It includes names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures.
'A thief's treasure chest': Andrew Chapman with the hard disk drive he bought on eBay containing the private bank details of more than a million people
It was described as 'a data thief's treasure chest', with everything a criminal needs to assume a customer's identity - and clear out their bank account.
The massive data loss - one of the worst ever in Britain - is a clear breach of the banks' obligation under the Data Protection Act to keep all personal information secure.
Coming just days after the Home Office admitted losing the details of 127,000 criminals, it is certain to fuel public concern about how Government and businesses look after our secrets.
More... 'Reckless' ministers lose 3,200 laptops and mobile phones from Whitehall This is Money: 10 steps to beating ID fraud
Last night it was revealed that a second computer from the same site has gone missing, meaning yet more information could have been leaked.
IT security expert Adam Laurie said: 'This is appalling. This information is worth millions - a thief could easily use it to go on an enormous shopping spree.'
Liberal Democrat spokesman Tom Brake said: 'This is yet another example of a seemingly trusted organisation appearing to be sloppy with people's personal information.
(Excerpt) Read more at dailymail.co.uk ...
Psssst! Hey! Hey Buddy! Wanna buy a hard drive?
I sometimes do contract work for somebody who helps banks with CRA and HMDA compliance. His work does NOT require personal identifying information about the clients. The most important thing is simply which census tract they are located in. Nonetheless, the banks routinely send information including EVERYTHING about the clients. (Names, SS#s, etc.)
This consultant of course erases that information immediately, but it is scary that banks are so loose with this stuff. (the way they organize their data is cause for alarm as well.)
Unless those drives are sitting atop cooling fans, that has to be the worst designed NAS/Drive array ever. It’s going to cook the equipment.
Drexel University class went out and got computers tossed away by folks. They pulled information out of the hard drives and went back and showed the former owners what they did when they tossed the computer. It was amazing.