digg

Facebook Connect Join Digg About

Bank Details of 1 Million Customers Sold on eBay

eweek.com Personal details of more than 1 million customers of Royal Bank of Scotland, American Express and NatWest are found on a computer sold on auction site eBay.

Who dugg this? Made popular Aug 27, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

68 Comments

show profanity settings
expand all
  • toconnor, on 08/27/2008, -2/+84GREAT LAPTOP!!!! I KNOW OF 1M PEOPLE THAT WILL BUY FROM YOU AGAIN! A+++++++++++++++++++
  • imightbewrong, on 08/27/2008, -3/+64from the title i thought someone deliberately sold customer information for money
  • nypix, on 08/27/2008, -0/+24Companies need to be held liable if your personal info is stolen from their network.

    You'll see how quickly it would become locked up tight if so.
  • smurfsahoy, on 08/27/2008, -3/+22What kind of dumbass company keeps bank records on employees' personal computers in the first place?
  • m0zzie, on 08/26/2008, -2/+19wow.. if Graphic Data has a CISO, he's all the way up ***** Creek without a paddle.

    it's amazing that even today people still don't seem to understand the importance of information security. a company can have the most secure firewalls and networks in the world to protect their data - but it's completely useless unless staff are properly trained on information security and understand that they can cause some serious ***** if they give away information that is not theirs to give away.
  • lovecss, on 08/27/2008, -4/+19Can't wait to see the feedback the buyer leaves!
  • Homerr, on 08/27/2008, -0/+12I bought a Raptor off Ebay a couple of years ago. It had all financial info including passwords, pictures, passwords/logins to various forums. I did format the drive and deleted everything, but I have to admit that the thought did cross my mind of screwing with the person. I'm not that kind of person though, plus I got a good deal on the drive. Now, a million names....
  • jessehadden, on 08/27/2008, -0/+10"Great purchase, friendly seller, fast shipping -- nice product with unadvertised bonus -- the gift that keeps on giving!"

    Or something like that. I'm kinda guessing about the shipping speed.
  • FuzzyCat, on 08/27/2008, -1/+9At some point these banks are actually going to have to take some responsibility for any identity theft that occurs. Of course we all know that they wont because that's how they normally behave - in their business the customer is always wrong.


  • altgeeky1, on 08/27/2008, -1/+8Outsourcing the job shields the bank from any liability. It's like when Walmart hires a cleaning company that uses illegal aliens... it's not THEIR fault.
  • jamesdew, on 08/27/2008, -0/+6yes all the news outlets seem to be implying that, now even digg submitters are doing it.
  • inactive, on 08/27/2008, -1/+7You'd be surprised how many dumbass companies keep public records on employees' personal computers.
  • jamesdew, on 08/27/2008, -0/+5Well they all have a degree of responsibility

    The bank hired a firm with aparently insuffcient security measures
    The firm's security measures were insufficient
    The firm's employee didn't follow correct procedure/procedure was wrong/the firm didn't train employee properly
    The HDD should not have left the firms possession without being completly wiped.
  • jamesdew, on 08/27/2008, -0/+4you would think a bank would have better security than your average company though.
  • jimfeet, on 08/27/2008, -3/+7Clearly there is a chain of event here that would have been difficult to manage.

    1. The bank hired a 3rd party company to handle archiving.
    2. The archiving company had an employee who apparently copied data onto a personal machine.
    3. The individual sold the machine on eBay without cleaning the drive.

    Ultimately of course, the bank is responsible but the 3rd party company should be held to account for permitting a user to copy the data. 'Course he/she could have copied the data to a thumb drive without being detected. Still the archiving company is clearly to blame.

    The former employee is obviously the one who is most to blame and should be prosecuted for criminal offense.
  • inactive, on 08/27/2008, -0/+4I'm a big believer in corporate responsibility but even here I say this is none of eBay's affair.
    If you (hypothetically) bought an animal off eBay, should eBay be responsible for confirming the animal has been examined by a vet for hereditary diseases and has its required shots?
    If you buy a car, should eBay be responsible for a multi-point inspection to ensure it's not a lemon?
    eBay is essentially the guy who owns the fairgrounds where the flea market is held - they're just renting out stalls and keeping the bathrooms clean. It's asking too much to expect them to police everything.
  • BXRWXR, on 08/27/2008, -0/+3George Bush, is that you?
  • sERIALeATER, on 08/26/2008, -9/+12I can smell the odor of someone getting fired!
  • azhura, on 08/27/2008, -0/+2I know someone who works for a major cell phone company. He told me about how employees keep that stuff on their laptops (and yes, one was stolen once). The IT department argued hard about not allowing them to do that since there is always a chance of a breach, but their protests were overruled by someone in upper management for "convenience sake".
    My friend still thinks that they are nuts but what can he do if his department is told to keep their logic to themselves? Upper management is often to blame for these scenerios.
  • fixyourthinking, on 08/27/2008, -0/+2I would say that I have at LEAST one New Zealander purchasing from my eBay auction a month.
  • isukeyo, on 08/27/2008, -0/+2READ THE ARTICLE! It wasn't an employees personal computer - it was the company's. The article clearly states the company says the employee inappropriately sold one of their computers.
  • roxya, on 08/27/2008, -0/+2The government here (UK - where this took place) lose as much data if not more than banks do.
  • WELLDOITLIVE, on 08/27/2008, -0/+2Undress?
  • inactive, on 08/27/2008, -1/+3Why would I think that? Banks are companies with employees. Employees (users) are the biggest inherent security risk out there because they do stupid/unorthodox things that aren't planned for. It's usually not malicious and is just a matter of an employee trying to finish up, or get a head start on some project they are working on, but it happens.

    This happens in all companies, and is one of the reasons why HIPAA was created for the healthcare industry. There should probably be some government-mandated standard created for financial instititutions as well. The only problem is that it would be a ltitle more difficult to implement given the necessity of having personal information on customers easily available to so many employees.
  • jimfeet, on 08/27/2008, -0/+2Seems to me that selling a company-owned computer is a criminal offense. Where I come from that's called theft. (Unless he sold it FOR the comany.)
  • FlimBlimmer, on 08/27/2008, -0/+2Agreed. I'd bury this story over the inaccuracy of the title, if the story wasn't so important to digg.
  • saikyan, on 08/27/2008, -0/+2Imagine if they spun all news like this! We would be a nation of misinformed fools!

    Oh wait...
  • lordsandwich, on 08/27/2008, -0/+2Have you figured out how babby is formed yet?
  • aphex732, on 08/27/2008, -2/+4How do you ship a million customers that were sold on ebay? And what do I want with their bank details?
  • ext237, on 08/28/2008, -0/+1Companies do not take this stuff serious! Just 4 days ago there was a very similar article about a laptop found in a pawnshop!

    http://server.dzone.com/articles/administrators-fo ...

    Complete company financial data was sitting out in public view for anyone to read. Nuts.
  • geoffallan, on 08/27/2008, -0/+1It was in fact a server not a PC or Laptop, this opens up even more of a problem with their companys security and how they treat outdated hardware.
  • Tripper44, on 08/27/2008, -2/+3Clever ;)
  • riptor666, on 08/28/2008, -0/+1This is why I stick with Craigslist, what a load of b.s you pay them a ***** of fees, have to ship an item and then they can't even keep your privacy information?
  • yourmanstan, on 08/27/2008, -0/+1just another advertisement for Todd Davis
  • kinglenster, on 08/27/2008, -1/+2Jokes aside, surely some massive fines would stop these banks being so lax with our data. They make far too much profit and I don't give a ***** about their shareholders before someone brings that up.
  • SimmaDownNow, on 08/27/2008, -0/+1It is very very likely that many of our identities are already in the hands of unscrupulous people. The amount of information I had to fork over just to rent movies just boggled my mind. Then the person I gave it to didn't work there three months later.
  • smurfsahoy, on 08/27/2008, -0/+1Ack, it cut off my edit ability - I meant to add that while of course you can download anything you are viewing somehow or other, via various workarounds, most workers aren't going to go to all the trouble when it's clear they're not supposed to. Only malicious ones would, which comprise the vast minority of leaked data.

    Your average joe just looking to finish up work at home would not be sitting there altering hex codes or taking screenshots of some spreadsheet, or whatever it takes, when his download is denied, or copy/paste is disabled. He'd just give up and not work at home.
  • inactive, on 08/27/2008, -1/+2was it sold to a Nigerian Prince?
  • isukeyo, on 08/27/2008, -0/+1READ THE ARTICLE!

    The computer that had the information and was sold was not an employee's personal computer - it was the company's computer and was sold without the consent or knowledge of the company by one of it's employees.

    "The former employee is obviously the one who is most to blame and should be prosecuted for criminal offense."
    Are you kidding me? They are certainly liable since the information was entrusted to them, however, this has NOTHING to do with criminal law! No law's were broken. This is a civil case.
  • Dantetheinferno, on 08/27/2008, -0/+1I smell bears....
  • inactive, on 08/27/2008, -0/+1http://www.ebay.co.nz/
  • robbh66, on 08/27/2008, -4/+5I can smell the stink of a sensationalized headline. A laptop was sold that contained the information. The details it happened to contain were not a selling point.

    Buried.
  • tHeSiD, on 08/27/2008, -0/+1well
    what if i know your bank acc no and password?
  • jetblackz4, on 08/27/2008, -0/+1FDISK
  • censorshipwreck, on 08/27/2008, -0/+1" 'Course he/she could have copied the data to a thumb drive without being detected. Still the archiving company is clearly to blame."

    Should have stego'd the info into a bunch of LOLCAT photos. I hear that's the way to go now.
  • inactive, on 08/27/2008, -0/+1Yes, servers are great, but they don't completely eliminate the problem. If someone is accessing a server remotely from their home machine, what is stopping them from simply copying/pasting data into excel or word and saving it locally? Or better yet, emailing data from their office machine to a personal email account, then accessing that data and saving it locally? There are TONS of people who do both of those, but aren't aware of security risks for whatever reasons.
  • smurfsahoy, on 08/27/2008, -0/+1The server doesn't have to allow uploading or downloading...
  • smurfsahoy, on 08/27/2008, -0/+1It's called a server. And you have these password thingies you use to access it with from your machine.
  • gcauthon, on 08/27/2008, -0/+1As if that makes a difference. Sure, someone gave away private information for a million people and subjected them to possible identity theft. But this person remembered to say "oops" so that makes it all better.
  • Fetching more discussions...
    Show 51 - 72 of 72 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.