Bank Account Information up for Sale

Information belonging to one million people sold on eBay

By on August 28th, 2008 00:40 GMT

An IT manager who bought a second-hand computer from eBay discovered that the hard disk of the machine contained the bank information of 1 million persons. The computer, which was sold for £35 (approximately $75), had previously belonged to Graphic Data, a company that stores information of clients of banks and of other types of companies.

 

Data found on the discarded computer included bank account numbers, telephone numbers, and other details of one million customers of NatWest, the Royal Bank of Scotland and American Express. The man who accidentally got his hands on all these details has disclosed none to any third party, from what is known of the incident so far.

 

“We know which employee took the server and sold it, but we believe it was an honest mistake and it was not intentional to sell it without the server being cleared. We want to stress that this is an isolated incident and we are investigating how the server was removed and sold. This is a very unfortunate incident and we are taking measures to ensure it will never happen again.” a spokesman for the company responsible for the loss of the confidential data stated.

 

According to the Mail Online, the Information Commissioner's Office has already initiated an investigation meant to determine who was behind the potential infringement of the Data Protection Act. “A data breach is very serious. Our investigation will look at the circumstances of how this happened, and we will be seeking an urgent explanation from Graphic Data to establish what has gone wrong and the steps that are being taken to prevent a similar incident occurring.” said an official for the same source.

 

Meanwhile, the computer sold on eBay has returned to its rightful owner, together with a second server that was auctioned for and won by the IT manager. Although, apparently, the information was not used for malicious purposes, an investigation is necessary to determine if the alleged data breach somehow put at risk the security of the one million bank customers.

Comments