Personal data of 1m bank customers found on secondhand computer sold on eBay
25th August 2008
Personal details of more than a million bank customers have been found on a computer sold on eBay.
Highly-sensitive information on American Express, NatWest and Royal Bank of Scotland customers was stored on the machine's hard drive.
It includes names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures.
It was described as 'a data thief's treasure chest', with everything a criminal needs to assume a customer's identity - and clear out their bank account.
The massive data loss - one of the worst ever in Britain - is a clear breach of the banks' obligation under the Data Protection Act to keep all personal information secure.
Coming just days after the Home Office admitted losing the details of 127,000 criminals, it is certain to fuel public concern about how Government and businesses look after our secrets.
Last night it was revealed that a second computer from the same site has gone missing, meaning yet more information could have leaked.
LINK
Like I said...
Started by Rogerdodger, Aug 25 2008 06:16 PM
2 replies to this topic
#2
Posted 25 August 2008 - 10:31 PM
The solution to all of this stolen information is so easy to prevent, I am shocked to hear them over and over. Your personal data should always be kept encrypted. The data and the encryption keys should also be stored on two separate computers. So, if the data computers are stolen, nobody can do anything with the encrypted data, if the keys are stolen, they won't have the data. You can also encrypt them all with a global banking password known only to the branch managers and if all of the computers are stolen, they still won't know how to decrypt the data and the keys. You can go one step further and store the data and key computers in two physically different locations too. You have to actually try really hard to screw up in this information age, but there is no limit to the humans' stupidity...
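Added example, not part of the original thread: a sketch of the split described in the post above, with the record encrypted under a data key, the data key stored wrapped on a separate machine, and the wrapping key derived from a passphrase. It assumes the Python `cryptography` package; the function names, dictionary layout and sample record are hypothetical.

```python
import hashlib
import os

from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)


def derive_kek(passphrase: str, salt: bytes) -> bytes:
    """Derive the 256-bit key-encryption key from the passphrase with scrypt."""
    return hashlib.scrypt(passphrase.encode(), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def store_record(plaintext: bytes, passphrase: str):
    """Return (data_host, key_host): what each of the two machines keeps on disk."""
    dek = AESGCM.generate_key(bit_length=256)        # random per-record data key
    nonce = os.urandom(12)
    ciphertext = AESGCM(dek).encrypt(nonce, plaintext, None)
    salt = os.urandom(16)
    wrapped = aes_key_wrap(derive_kek(passphrase, salt), dek)  # RFC 3394 wrap
    data_host = {"nonce": nonce, "ciphertext": ciphertext}     # no key material
    key_host = {"salt": salt, "wrapped_dek": wrapped}          # no customer data
    return data_host, key_host


def read_record(data_host: dict, key_host: dict, passphrase: str):
    """Needs both blobs plus the passphrase; None if the passphrase is wrong."""
    kek = derive_kek(passphrase, key_host["salt"])
    try:
        dek = aes_key_unwrap(kek, key_host["wrapped_dek"])
    except InvalidUnwrap:
        return None  # key-host disk alone, or a guessed passphrase, gives no key
    return AESGCM(dek).decrypt(data_host["nonce"], data_host["ciphertext"], None)


if __name__ == "__main__":
    # Constructed sample record, not real customer data.
    record = b"name=A. Customer; sort=00-00-00; acct=00000000"
    data_blob, key_blob = store_record(record, "constructed passphrase")
    print(read_record(data_blob, key_blob, "constructed passphrase"))
    print(read_record(data_blob, key_blob, "wrong guess"))
```

The passphrase is the only secret not on either disk, so its strength and the scrypt cost bound how long a stolen pair of disks resists guessing.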
#3
Posted 26 August 2008 - 06:08 AM
It is far better to make the whole PC disk encrypted so that it will not even start up unless a username and password is typed in, and it won't boot up from USB, floppy, CD whatever. Something like this link
As for that linked article it's very badly written and doesn't explain what has happened. Apparently it isn't a whole computer, it's a hard disk, and appears to have been lost due to a former employee's dishonesty rather than carelessness. And it isn't the bank that's lost the data, it's one of their suppliers, who scan the bank's post and application forms, then send the data on to the bank.
It's time to make this kind of irresponsibility in data security a 'corporate negligence' criminal offence and start hitting the company directors where it hurts [in their wallets] rather than fining the companies who just pass on the costs to their customers.