14 DAY TRIAL // Journalists from the Frankfurter Rundschau (German) magazine had a shock when they examined the contents of a strange cardboard box sent to their office. It contained credit card bills and detailed banking information, including PIN numbers, that were stored on microfilm.
The extensive data that should have been confidential, included names, addresses, bank account numbers, credit card numbers with associated PINs, and even information of various transactions. The data belonged to Landesbank Berlin, the country's biggest credit cards issuer, which meant that the security breach affected customers from all over Germany.
“People holding the following credit cards are among those affected - Amazon Visa, White Lable Premium, various ADAC visa and master cards, LBB cards, and even the Xbox classic card,” The Local reports, while also quoting a spokesman for the Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar, who notes that “the diversity and actuality of the data is unimaginable. I would not have considered such a thing to be possible.”
According to the local media reports, some of the transactions are dated as recently as August, 2008, but it is still uncertain how the data was leaked, or why it was stored on microfilm, a data storage medium that no longer conforms to modern standards. Landesbank and its financial services provider, Atos Worldline, say that an investigation into the incident was started immediately.
Meanwhile, officials have expressed concern over the possibility of this data being already offered for sale on the underground, especially since about a week ago reporters from the WirtschaftsWoche, another German publication, made a similarly shocking discovery when they acquired a CD containing the banking information of 1,2 million citizens. The CD was just a sample offered by two individuals claiming to have 21 million similar banking records for sale at a price of around $15 million.
“This is a scandal of considerable scale,” Alexander Dix, data security representative for the Berlin state, notes. Graham Cluley, senior technology consultant at security vendor Sophos, remarks that “This very valuable data, [...] would be an identity thief’s dream.” The events in the past several months determined Peter Schaar to call for stricter legislation regarding the handling of sensitive data, which would force companies to take responsibility and suffer consequences for such security breaches.
We previously reported that, about two months ago, yet another German newspaper, Der Spiegel, uncovered that giant mobile operator T-Mobile kept secret for 2 years a data leak incident, which compromised the personal information of 17 million subscribers.