Bank A/C information on c. 1million customers sold on Ebay

The Scotsman said:
Banks warn millions after computer with personal details sold on eBay

Published Date: 27 August 2008
ABOUT a million customers across the UK will be contacted by three high-street banks after a computer holding their personal details was sold on the auction website eBay for £35.

Information found on the computer included the bank account numbers, phone numbers, mothers' maiden names and signatures of customers of American Express, NatWest and Royal Bank of Scotland.

The eBay buyer, Andrew Chapman, an IT manager from Oxford, found the information on the computer's hard drive and raised the alarm.

The banks involved refused to disclose what advice would be given to customers whose details – understood to date back about three years – were on the computer. It is thought unlikely the computer had fallen into the hands of criminals. The customers affected are likely to be asked simply to check their account statements.

The computer belonged to a data processing company, Mail Source, part of Graphic Data, a firm that holds financial information for organisations, and was used at Mail Source's secure storage facility in Essex.

Mail Source said it was still investigating how an employee – who has since left the firm – had come by the computer, which had not had its disk wiped.

Mr Chapman, 56, said it was unlikely "any man on the street" would have bought the computer, as it was listed on eBay as a server from a data centre, but a basic knowledge of computers would have made accessing the information quite simple. He added: "It would possibly have been quite easy to find if you know something about computers. It's lucky I found it."

James Jones, of the credit reference agency Experian, said people should not panic as the information had not fallen into the wrong hands. He said: "This is a bit of a close shave, although it is hardly isolated. Unless you've been particularly careless with your details, the bank will always cover the cost of any fraudulent activity on your account."

Sandra Quinn, director of communications at the payments body Apacs, said: "Since this information appears to be more than three years old and the information does not itself appear to have been sold on, it's likely that the banks involved will simply write to customers and ask them to check their statements."

Mail Source insisted the employee who sold the computer had made an "honest mistake". The company is investigating how it was removed from a secure location, but stressed the sale was an "isolated incident".

A spokeswoman said: "The computer was removed from our secure storage facility and sold on eBay. It was neither planned nor instructed by the company to be disposed of. We know which employee took the server and sold it, but we believe it was an honest mistake and it wasn't intentional to sell it without the server being cleared. We're taking measures to ensure it'll never happen again."

An RBS spokeswoman said: "We take this issue extremely seriously and are working to resolve this regrettable loss as a matter of urgency."

A spokeswoman for American Express added: "We take the security of our card member data extremely seriously and have strict guidelines for suppliers around the security of information. We're currently working as a matter of priority to establish exactly what data is impacted and identify the card members who may be affected."

A spokeswoman for the Information Commissioner's Office said an investigation would be launched.

Similar threads

Latest Threads