Bank Customer Data 'Sold on eBay'

mooks · Aug 26th, 2008, 06:30 AM

http://news.bbc.co.uk/1/hi/uk/7581540.stm

A computer containing a million bank customers' personal data has reportedly been sold on an internet auction site.
The Daily Mail says an ex-worker for archiving firm Graphic Data sold it for £35 on eBay without removing sensitive information from the hard drive.
The Royal Bank of Scotland (RBS) and its subsidiary, Natwest, have confirmed their customers' details were involved.
RBS said Graphic Data had told it the PC had apparently been "inappropriately sold on via a third party".
It said historical information relating to credit card applications for their bank and others had been on the machine.
The information is said to include account details and in some cases customers' signatures, mobile phone numbers and mothers' maiden names.
It is thought the problem came to light when the person who bought the computer noticed and raised the alarm.
A spokesman for eBay said they had not been contacted by the Daily Mail and were currently looking into what had happened.
"Clearly such details should never have been included in the hard drive of the computer offered for sale on eBay. We fully expect Mr Chapman to hand it back to Graphic Data as soon as possible. We will of course work with Graphic Data to establish how it came to be available for sale on our site."
RBS and Natwest - two of the three businesses involved - said they are taking the issue very seriously and are working to resolve it "as a matter of urgency."
Banks have an obligation under the Data Protection Act to keep all personal information secure.
Last year the Financial Services Authority fined the Nationwide Building Society £980,000 for a security breach, after a lap top containing customer data was stolen from an employee's home

Cornflower Blue · Aug 26th, 2008, 08:35 AM

The mind boggles!!

This is one of many cases of lost personal data that's happened in the UK in recent months - luckily in this case the guy who bought the computer reported it. Goodness only knows what would have happened if all those details had fallen into unscrupulous hands

...

~Fabulousity~ · Aug 26th, 2008, 09:56 AM

mooks · Aug 26th, 2008, 10:13 AM

Thing is it also contained details from American Express too, could even have been credit card numbers......

Veelyn · Aug 26th, 2008, 10:28 AM

eBay doesn't care what goes on their site as long as they get their fee's.

Jahpson · Aug 26th, 2008, 10:54 AM

Quote:

Originally Posted by Veelyn

eBay doesn't care what goes on their site as long as they get their fee's.

you never lied!

Juicy · Aug 26th, 2008, 02:51 PM

OMG!!!!!!!!! I'm a Natwest customer and i'm not happy!

mooks · Aug 26th, 2008, 03:02 PM

^^^ My other half is too!

annanas · Aug 26th, 2008, 03:14 PM

so am i

but the media really have blown this out of all proportion, you'd have thought that there was a seller knowingly selling people's bank details on eBay. it doesn't even seem like ebay can be blamed here, if the machine sold for £35 i can hardly imagine the description indicating what was on the hard drive. unless the seller stole the computer (which doesn't seem likely to me - surely a thief would be more inclined to use the information on it for financial gain than selling it for hardly anything), graphic data are to blame for not erasing the information before getting rid of the machine.

mooks · Aug 26th, 2008, 03:59 PM

No one has blamed eBay. The blame lies solely in the hands of Graphic Data and the ex-employee who sold the laptop. I think this has been made a big deal of because it comes after what seems to be a plethora of these types of data loss/theft and this laptop contained information such as passwords which if in the wrong hands could have been worth thousands

Cornflower Blue · Aug 26th, 2008, 06:26 PM

Imo, the Banks themselves should have got rid of all the data before sending off this computer server for disposable. All the information should have been wiped beforehand.

As soon as one passes this sort of information to someone else to dispose of, one loses control of it.

It doesn't inspire confidence does it?!

msbird · Aug 26th, 2008, 07:48 PM

Great. I knew I was scared of the web for a reason.

VuittonsLover · Aug 26th, 2008, 11:59 PM

mine was in that pile.. i found out.

ShimmaPuff · Aug 28th, 2008, 09:56 PM

Quote:

Originally Posted by Cornflower Blue

T...if all those details had fallen into unscrupulous hands

...

I think you have to assume that they did.

Whoever put the data from the bank onto this computer, or removed a computer containing that data from the bank could have copied it and distributed it to the entire population of Iceland before putting the computer on eBay.

Once the data is out of the bank's "custody," nobody can say what may or may not have happened to it, which unfortunately means that anyone who thinks that they might have been affected should waste no time in changing absolutely everything and notifying every credit card, every bank, every everything, of what happened.

Aug 26th, 2008, 06:30 AM	#1
mooks Cool Britannia! Location: On The Thames	Bank Customer Data 'Sold on eBay' http://news.bbc.co.uk/1/hi/uk/7581540.stm A computer containing a million bank customers' personal data has reportedly been sold on an internet auction site. The Daily Mail says an ex-worker for archiving firm Graphic Data sold it for £35 on eBay without removing sensitive information from the hard drive. The Royal Bank of Scotland (RBS) and its subsidiary, Natwest, have confirmed their customers' details were involved. RBS said Graphic Data had told it the PC had apparently been "inappropriately sold on via a third party". It said historical information relating to credit card applications for their bank and others had been on the machine. The information is said to include account details and in some cases customers' signatures, mobile phone numbers and mothers' maiden names. It is thought the problem came to light when the person who bought the computer noticed and raised the alarm. A spokesman for eBay said they had not been contacted by the Daily Mail and were currently looking into what had happened. "Clearly such details should never have been included in the hard drive of the computer offered for sale on eBay. We fully expect Mr Chapman to hand it back to Graphic Data as soon as possible. We will of course work with Graphic Data to establish how it came to be available for sale on our site." RBS and Natwest - two of the three businesses involved - said they are taking the issue very seriously and are working to resolve it "as a matter of urgency." Banks have an obligation under the Data Protection Act to keep all personal information secure. Last year the Financial Services Authority fined the Nationwide Building Society £980,000 for a security breach, after a lap top containing customer data was stolen from an employee's home __________________

Aug 26th, 2008, 09:56 AM	#3
~Fabulousity~ ...is rebooting	__________________ Every adversity, every failure, and every heartache carries with it the seed of an equal or greater benefit - Napoleon Hill

Aug 26th, 2008, 10:13 AM	#4
mooks Cool Britannia! Location: On The Thames	Thing is it also contained details from American Express too, could even have been credit card numbers...... __________________

Aug 26th, 2008, 10:28 AM	#5
Veelyn ♥ Bill ♥ Location: The Zou!	eBay doesn't care what goes on their site as long as they get their fee's. __________________ ANIMAL CRUELTY IS NEVER ACCEPTABLE!! *PLEASE HELP GET JUSTICE FOR KARLEY!* *SIGN THE PETITION TODAY!* http://justice4karley.com/upcoming_events_3.html

Aug 26th, 2008, 02:51 PM	#7
Juicy Young, Fab and Broke Location: England	OMG!!!!!!!!! I'm a Natwest customer and i'm not happy! __________________ I Balenciaga (\_/) (O.o) (> <) This is Bunny. Copy Bunny into your signature to help him on his way to world domination.

Aug 26th, 2008, 08:35 AM	#2
Cornflower Blue Member Location: UK	The mind boggles!! This is one of many cases of lost personal data that's happened in the UK in recent months - luckily in this case the guy who bought the computer reported it. Goodness only knows what would have happened if all those details had fallen into unscrupulous hands ...

Aug 26th, 2008, 03:02 PM	#8
mooks Cool Britannia! Location: On The Thames	^^^ My other half is too! __________________

Aug 26th, 2008, 03:14 PM	#9
annanas .	so am i but the media really have blown this out of all proportion, you'd have thought that there was a seller knowingly selling people's bank details on eBay. it doesn't even seem like ebay can be blamed here, if the machine sold for £35 i can hardly imagine the description indicating what was on the hard drive. unless the seller stole the computer (which doesn't seem likely to me - surely a thief would be more inclined to use the information on it for financial gain than selling it for hardly anything), graphic data are to blame for not erasing the information before getting rid of the machine. __________________ all mine

Aug 26th, 2008, 03:59 PM	#10
mooks Cool Britannia! Location: On The Thames	No one has blamed eBay. The blame lies solely in the hands of Graphic Data and the ex-employee who sold the laptop. I think this has been made a big deal of because it comes after what seems to be a plethora of these types of data loss/theft and this laptop contained information such as passwords which if in the wrong hands could have been worth thousands __________________

Aug 26th, 2008, 06:26 PM	#11
Cornflower Blue Member Location: UK	Imo, the Banks themselves should have got rid of all the data before sending off this computer server for disposable. All the information should have been wiped beforehand. As soon as one passes this sort of information to someone else to dispose of, one loses control of it. It doesn't inspire confidence does it?!

Aug 26th, 2008, 07:48 PM	#12
msbird Member	Great. I knew I was scared of the web for a reason.

Aug 26th, 2008, 11:59 PM	#13
VuittonsLover Cartier Crazy	mine was in that pile.. i found out. __________________