[Dataloss] Personal data of 1m bank customers found on secondhand computer sold on eBay for 35UKP

security curmudgeon jericho at attrition.org
Tue Aug 26 09:46:47 UTC 2008



---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>

http://www.dailymail.co.uk/news/article-1049121/Personal-data-1m-bank-customers-secondhand-sold-eBay-35.html

By Dan Newling
dailymail.co.uk
25th August 2008

Personal details of more than a million bank customers have been found on 
a computer sold on eBay.

Highly- sensitive information on American Express, NatWest and Royal Bank 
of Scotland customers was stored on the machine's hard drive.

It includes names, addresses, mobile phone numbers, bank account numbers, 
sort codes, credit card numbers, mothers' maiden names and even 
signatures.

It was described as 'a data thief's treasure chest', with everything a 
criminal needs to assume a customer's identity - and clear out their bank 
account.

The massive data loss - one of the worst ever in Britain - is a clear 
breach of the banks' obligation under the Data Protection Act to keep all 
personal information secure.

Coming just days after the Home Office admitted losing the details of 
127,000 criminals, it is certain to fuel public concern about how 
Government and businesses look after our secrets.

Last night it was revealed that a second computer from the same site has 
gone missing, meaning yet more information could have leaked.

IT security expert Adam Laurie said: 'This is appalling. This information 
is worth millions - a thief could easily use it to go on an enormous 
shopping spree.'

[...]


More information about the Dataloss mailing list