Who needs to steal data, when you can buy it on eBay?

Last month I blogged about the personal details of a million British banking customers being sold on eBay through the auction of computer hardware that hadn’t been properly wiped.

It sounds as though eBay is now becoming something of a treasure trove for anyone interested in picking up what should be confidential information on second-hand equipment, with two new embarrassing stories coming to light in the last 24 hours.

Firstly, the BBC is reporting that VPN equipment sold for just 99 pence on eBay, allowed a security expert to access the internal network of Kirklees Council in West Yorkshire. If the council had ensured that the device was properly wiped before disposal, then this would have been impossible.

Secondly, The Guardian newspaper and others have revealed that a second-hand digital camera sold on eBay contained the names, fingerprints, photographs and academic histories of terrorist suspects.

The Nikon Cool Pix camera, bought for £17 by a delivery driver from Hemel Hempstead, also contained images of missile launchers and material connected to an Al Qaeda suspect apprehended by the CIA last year.

This is all becoming a bit of a joke isn’t it? The authorities are said to be investigating these incidents, but I think we all know that this is far from the last time we will hear of sensitive data needlessly leaking into the public eye because of lax policies. A clear message needs to be sent to everyone to always think very carefully of how you dispose of electronic equipment, and to make sure that any sensitive data has been securely wiped.

* Image source: Liewcf’s Flickr photostream (Creative Commons 2.0)