Wanna buy bank details? Try eBay Article from: Agence France-Presse
August 26, 2008 09:50pm
A BRITISH data processing firm has launched an urgent review after a staff member sold a computer on eBay containing personal details of a million bank customers. The computer was bought on the online auction site for £35 ($75) by Andrew Chapman, an IT manager from Oxford, in central England, who found the information on the computer's hard drive.
It included bank account numbers, phone numbers, mothers' maiden names and signatures of one million customers of American Express, NatWest and the Royal Bank of Scotland (RBS), the Independent newspaper reported.
It had belonged to data processing company Mail Source which is part of Graphic Data, a company that holds financial information for banks and other organisations.
A spokeswoman for Mail Source said the employee who sold the computer had made an "honest mistake" but insisted it had been an "isolated incident".
She said: "The computer was removed from our secure storage facility in Essex and sold on eBay. "We know which employee took the server and sold it, but we believe it was an honest mistake and it was not intentional to sell it without the server being cleared.
"This is a very unfortunate incident and we are taking measures to ensure it will never happen again."
An RBS spokeswoman said: "Graphic Data has confirmed to us that one of their machines appears to have been inappropriately sold on via a third party.
"As a result, historical data relating to credit card applications from some of our customers and data from other banks were not removed.
"We take this issue extremely seriously and are working to resolve this regrettable loss with Graphic Data as a matter of urgency."
eBay said such an item should never have been sold on its site.
There have been a series of data security blunders in Britain in the past year.
In two of the most serious cases, the government admitted in November it had lost confidential records for 25 million Britons who receive child benefit payments, and in January, the Ministry of Defence revealed that a laptop with details of some 600,000 people interested in joining the armed forces had been stolen from a naval officer.
the poor poms cant keep anything a secret these days...
Quote
You can do anything if you have enthusiasm. Enthusiasm is the yeast that makes your hopes rise to the stars. With it, there is accomplishment. Without it there are only alibis.
Wow, such a deal for 35 pounds !!! I wonder if it was a hackers computer or if it was really a bank's computer? Most of the bank in the US use centralized databases and application servers so no data is ever stored on a PC for as long as the session requiring it isn't timed out.
That's correct landman. Every bank or financial institution I ever did contract programming for was always operating on some sort of backoffice system with centralized data servers using Corba or some other object request broker architecture that made it virtually impossible for an employee such as a teller or even a bank manager to do anything more than print out acceptable reports from database records.
The medical industry and most public utilities, even ISP's work in a similar manner where employees have no real access to the data as a whole. Sounds like this case is somebody who acquired a hacked database.
| 
Aug 27, 2008, 05:15:22 AM
