[Dataloss] Data watchdogs did not want to see eBay bank server
security curmudgeon
jericho at attrition.org
Sat Aug 30 19:15:16 UTC 2008
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>

http://www.theregister.co.uk/2008/08/28/data_bank_details/

By John Oates
The Register
28th August 2008

The man who paid 35UKP for a server stuffed full of Royal Bank of Scotland
and NatWest customer details has been left less than impressed with the
reaction of UK data regulators.

Andrew Chapman's story hit the news after he bought a server on eBay which
contained over a million customer details including full account details,
mothers' maiden names, addresses and even scans of signatures. But neither
the Financial Services Authority nor the Information Commissioner's Office
contacted Chapman when he went public with what he found inside the
machine.

Chapman said he phoned the Information Commissioner Office's head of
investigations and offered him the machine. Instead he was told to return
it to Graphic Data.

Chapman, an IT manager from Oxford, told the Reg: "I don't really see how
either the FSA or ICO can ascertain what happened by relying on Graphic
Data. It is a nonsense to ask companies to self-report." He said he was
told the ICO had no power to seize equipment - although that clearly would
not have been necessary in this case.

[...]