Are your bank details being sold on eBay?

Filed Under: Data loss, Privacy

How much should the details of a million banking customers cost? Well, if you're looking for it on eBay maybe £35 is about right.

According to many media reports this morning, highly sensitive information on banking customers was found on computer hardware sold on eBay.

Details of American Express, NatWest and Royal Bank of Scotland customers was stored on the hard drive, including names and addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures.

Graphic Data, an archiving firm who scan and digitise paperwork from some of the UK's largest financial organizations, were holding the banking information. A former employee of the firm appears to have sold the hardware storing the data on eBay, resulting in the security breach.

British banking customers will be wiping the sweat off their brows this morning as the data appears not to have fallen into the lap of an identity thief, but ended up with an honest man from Oxford.

However, there have also been reports that a second computer may have been lost.

Banks and financial institutions have a legitimate requirement to store lots of information about us - information which is normally well protected from identity thieves and criminals dead set on plundering our accounts. But when they use third party organizations to help them archive and secure their data, they (and indeed all of us) need to be confident that the information will be treated with the utmost security, and not fall into the wrong hands.

The banks concerned must be fuming this morning at Graphic Data's apparently lackadaisical attitude to their customers' data, and will no doubt be asking some tough questions.

* Image source: Liewcf's Flickr photostream (Creative Commons 2.0)

,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.