August 26, 2008

Bank customer data sold on eBay

Filed under: Latest — Tags: alarm, Bank, Bank customer data sold on eBay, businesses, company, credit card, customer, data, Data Protection Act, Ebay, equipment, Graphic, hard drive, historical information, Internet, internet auction site, IT, IT equipment, laptop, machine, Mail Source, mobile phone, Natwest, Oxford, party, personal data, RBS, Royal, Royal Bank of Scotland, security, sensitive information, signatures, sold, woman, working — expressyoureself @ 1:03 pm

Bank customer data sold on eBay

eBay was first launched as Auction Web in 1995

An investigation is under way into how a computer containing bank customers’ personal data was sold on an internet auction site.

The PC, which was reportedly sold for £35 on eBay, had sensitive information on the hard drive.

The Royal Bank of Scotland (RBS) and its subsidiary, Natwest, have confirmed their customers’ details were involved.

RBS says an archiving firm told it the PC had apparently been “inappropriately sold on via a third party”.

It said historical information relating to credit card applications for their bank and others had been on the machine.

The information is said to include account details and in some cases customers’ signatures, mobile phone numbers and mothers’ maiden names.

RBS and Natwest – two of the three businesses involved – said they are taking the issue very seriously and are working to resolve it “as a matter of urgency”.

A spokeswoman for data processing company Mail Source, which is part of the archiving firm Graphic Data, said it was investigating how the computer equipment had been removed from a secure location.

“The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed.”

Clearly such details should never have been included in the hard drive of the computer offered for sale on eBay

eBay spokesman

When financial data goes missing

She said the incident was extremely regrettable and the firm was “taking every possible step” to retrieve the data and ensure it was an isolated incident.

It is thought the problem came to light when Andrew Chapman, an IT manager from Oxford, bought the computer, noticed the data and raised the alarm.

The Daily Mail said the computer, containing a million bank customers’ personal data, had been sold for £35.

A spokesman for eBay said they were currently looking into what had happened.

“Clearly such details should never have been included in the hard drive of the computer offered for sale on eBay. We fully expect Mr Chapman to hand it back to Graphic Data as soon as possible. We will of course work with Graphic Data to establish how it came to be available for sale on our site.”

Banks have an obligation under the Data Protection Act to keep all personal information secure.

Last year the Financial Services Authority fined the Nationwide Building Society £980,000 for a security breach, after a laptop containing customer data was stolen from an employee’s home.