14 DAY TRIAL // A German magazine has led a journalistic investigation that has uncovered a data leak of an astonishing 21 million banking details. The information is up for sale on the black market for no less than €11.5 million (almost $15 million).
Reporters from the WirtschaftsWoche magazine received a tip about the banking details of large number of German citizens being in circulation on the underground market. With the help of a middle man, the journalists set up a meeting at Das Steigenberger Hotel in Hamburg with two individuals identified only as Jann F. and Ronald, who claimed to be in the possession of the data.
The two men told the reporters that they had 21 million records for sale, and, after negotiations, a price of 55 euro cents per record was established. However, the dealers did not sit at the table empty handed, bringing with them a sample CD that contained 1.2 million banking accounts along with personally identifiable information.
The undercover reporters, who claimed to work for several companies specialized in gambling activities, succeeded in immediately acquiring the sample CD, and taking it back for analysis. The information on it was extensive, as in addition to names, addresses, birth dates, phone numbers, bank account numbers, it contained detailed data on other assets as well.
The journalists estimate that "in the worst case, three out of four German households would have to be afraid that some money could be taken from their checking account without their authorization, and perhaps even without their realizing it." A way this information could be exploited is by withdrawing very small amounts of money from each account and passing the transaction as annual fees or something similar, the reporters exemplify.
The business news magazine passed the CD to the authorities, who are currently investigating the incident, but from the looks of it the data has been stolen from call and data centers as the result of multiple security breachers that can range from unauthorized access to employee negligence.
Germany's Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar, has called for more strict legislation pertaining to data handling. "It is essential that personal data cannot be transmitted with the individual's explicit agreement […]," Mr. Schaar has commented for a local television, according to The Register.
This is the second major data leak incident uncovered in Germany in the past two months. At the beginning of October, the Der Spiegel magazine exposed a security breach at the German branch of the mobile phone services operator T-Mobile. The incident that occurred in early 2006 and was kept secret by the company compromised the personal information of 17 million subscribers.