UK: Personal data of a million bank customers found on computer sold on eBay for £35

Daily Mail ^ | 08/26/08 | Dan Newling

[TigerLikesRooster]

Personal data of a million bank customers found on computer sold on eBay for ?35

By Dan Newling

Last updated at 11:03 AM on 26th August 2008

Personal details of more than a million bank customers have been found on a computer sold on eBay.

Highly sensitive information on American Express, NatWest and Royal Bank of Scotland customers was stored on the machine's hard drive.

It includes names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures.

'A thief's treasure chest': Andrew Chapman with the hard disk drive he bought on eBay containing the private bank details of more than a million people

It was described as 'a data thief's treasure chest', with everything a criminal needs to assume a customer's identity - and clear out their bank account.

The massive data loss - one of the worst ever in Britain - is a clear breach of the banks' obligation under the Data Protection Act to keep all personal information secure.

Coming just days after the Home Office admitted losing the details of 127,000 criminals, it is certain to fuel public concern about how Government and businesses look after our secrets.

More... 'Reckless' ministers lose 3,200 laptops and mobile phones from Whitehall This is Money: 10 steps to beating ID fraud

Last night it was revealed that a second computer from the same site has gone missing, meaning yet more information could have been leaked.

IT security expert Adam Laurie said: 'This is appalling. This information is worth millions - a thief could easily use it to go on an enormous shopping spree.'

Liberal Democrat spokesman Tom Brake said: 'This is yet another example of a seemingly trusted organisation appearing to be sloppy with people's personal information.

[TigerLikesRooster]

[TigerLikesRooster]

Ping!

[Smokin' Joe]

Psssst! Hey! Hey Buddy! Wanna buy a hard drive?

[DB]

When businesses demand this type of information they have an obligation to protect it. The consequences for this sort of breach should be very stiff. When things like this happen the business should be held accountable for all the costs of changing every breached customer's bank account, new checks and the clients time to redo all his accounts along with being responsible entirely for any losses that occur before the changes are made. If a business exposes clients social security number they should be held accountable for at least 20 years for any identity theft issues and the costs and hassles of locking down the clients credit.

[Dr. Sivana]

I sometimes do contract work for somebody who helps banks with CRA and HMDA compliance. His work does NOT require personal identifying information about the clients. The most important thing is simply which census tract they are located in. Nonetheless, the banks routinely send information including EVERYTHING about the clients. (Names, SS#s, etc.)

This consultant of course erases that information immediately, but it is scary that banks are so loose with this stuff. (the way they organize their data is cause for alarm as well.)

[Malsua]

Unless those drives are sitting atop cooling fans, that has to be the worst designed NAS/Drive array ever. It’s going to cook the equipment.

[nw_arizona_granny]

Ping.

[oldironsides]

Drexel University class went out and got computers tossed away by folks. They pulled information out of the hard drives and went back and showed the former owners what they did when they tossed the computer. It was amazing.