NEWS | Wednesday, 27 August 2008

PC containing sensitive bank data sold on eBay

A computer sold for Stg77 on eBay made the news after the Information Commission in London yesterday said it will be launching an investigation to establish how a man from Oxford, who bought the computer off the online auction, has now access to several million bank customers’ personal data on his hard drive.
After noticing he had the data, Andrew Chapman, a 56-year-old IT manager, alerted the authorities. He told the British press that anyone with a basic knowledge of computer software would have been able to find the data fairly simply.
“The information was in back-up CDs and in ISO files so it would have been possibly quite easy to find if you know something about computers,” he said.
American Express, The Royal Bank of Scotland (RBS) and its subsidiary, Natwest, have confirmed their customers’ details were involved, while the latter added that an archiving firm told it the computer had been “inappropriately sold on via a third party”.
The archiving firm in question, Graphic Data, who was responsible for the computer, said they are investigating on how the machine had been removed from a secure location.
“The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed,” a spokesperson for Graphic Data was quoted to say.
eBay also seems to be taking the matter seriously as it urged Chapman to return the machine to Graphic Data and offered its help to establish how the computer came available for sale on the website.
American Express also said the incident was regrettable and they are doing their best to establish what data is impacted in order to identify the card members who may have been affected.
In February last year, Nationwide was fined Stg980,000 for a security breach, after a laptop containing customer data was stolen from an employee’s home.