Data Thief's Treasure Chest

2008-08-28

Dan Newling, MailOnline, is reporting that a computer sold on eBay contained the personal details of one million bank customers. The computer was purchased for 35 pounds.

The article states, "Highly sensitive information on American Express, NatWest and Royal Bank of Scotland customers was stored on the machine's hard drive. It includes names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures." The computer is being described as "a data thief's treasure chest" - providing a criminal with everything they need to assume a customer's identity and empty their bank account.

The man who purchased the computer off of eBay, Andrew Chapman, said "I couldn't believe it. In front of me were realms of extremely confidential information about thousands and thousands of people."

This is said to be one of the worst ever data loss incidents in Britain. Newling writes that both American Express and NatWest/RBS have said that they need to establish how many customers are affected before deciding how to act.

Adam Laurie, IT security expert, said "This is appalling. This information is worth millions - a thief could easily use it to go on an enormous shopping spree."

The computer belonged to archiving firm Graphic Data, and included thousands of credit card applications from NatWest, and at least 1,314 credit card balance transfers received by American Express. It has been revealed that a former employee at Graphic Data sold the computer on eBay without erasing the internal hard drive first. Sources also state that another computer from Graphic Data is still missing.

Tom Brake, Liberal Democrat spokesman, stated "This is yet another example of a seemingly trusted organization appearing to be sloppy with people's personal information. This kind of data is invaluable and needs to be treated as such. People are entitled to wonder why they are constantly being told about the importance of protecting personal information when large organizations don't seem to follow the same rules themselves."

You can read the entire article, here.