Is Your Banking Information Accidentally On Ebay?
GraWil writes "The Toronto Star is reporting how two Bank of Montreal computers containing thousands of sensitive customer files were sold to a student who fixes up machines and then resells them on eBay. It seems that the company responsible for scrubbing the disks (Rider Computer Services Ltd.) misfiled the machines in their warehouse and it was assumed they had been erased." It's not the first time this sort of thing has happened.
yeah -
a damn
shame.
You don't have to pay for Norton Wipeinfo if you're on Windows.
I'm told that both Scrub and Eraser are pretty good - although I haven't used them.
Both of which are free (in the "don't have to pay any money" sense)
Avantslash - View Slashdot cleanly on your mobile phone.
The absolute main security issue was customer data. Not that they would have fancied embezzlement or theft but this was looked upon far less serious than compromising customer data, period.
In the data centers (which you had to physically access in order to query real customer data, save for the front office and also there it was very restricted what you could look at) you had to go through multiple layers of security and were not permitted to even remove a printout.
Computers were dismantled and disks shredded, they were never for resale. This was applicable for every last computer from every last branch and office.
Now, I agree shit happens. Probably in their case it started with outsourcing such a critical task to "ACME's cheap disk blanking operation" in order to save a few bucks. This is not really excusable, but it happens.
But what really gets my blood boiling are statements like the one from that PR bimbo, which are just utter bullshit.
Maybe she should apply for a job at Microsoft to sell "trustworthy computing".
I am the musician
with a pocket calculator in my hand
Kraftwerk
Modern hard drives have commands "SECURITY ERASE" and "ENHANCED SECURITY ERASE". Search for those terms and hdparm on Google. Also below is a link to the quality of the erasure. Note: these will erase even bad "mapped out" sectors. Enhanced erase will even go off track + and minus which erases the edges. atapwd.zip does regular erase (search).
http://www.tomcoughlin.com/Techpapers/Secure%20Erase%20Article%20for%20IDEMA,%20042502.pdf
It's a shame that there isn't a Linux program that does something similar.
Others have mentioned specific utilities, but with almost any bootable CDROM Linux variant you can wipe a disk pretty thoroughly as follows. This is for when you're retiring a system and want to overwrite the entire disk, not scrubbing free space on a live system:
This will write pseudo-random data over the hard drive 10 times. To make it happen more times, change '10' to 'N' where N is larger than 10 in the 'seq' command. To use true random data rather than pseudo-random, use /dev/random, but realize it may hang waiting to gain more entropy and, for this use, I'm not sure there is any real advantage in true randomness.
You can also use 'dd' on a live system, writing to a file instead of a partition, and fill up free space on that partition (then delete the file!). This will overwrite data from deleted files, but will not get slack space, which is the particular advantage of using the 'wipe' tool that someone else mentioned. Also, remember only root can fill the filesystem; everyone else gets cut off with some small % free.
Windows users should also realize that with Windows 2000 (um, SP3 I think) and above the EFS tool 'cipher' will allow you to wipe unused disk space, so that you can proactively make sure that deleted files aren't hanging around on disk. This is useful if you want to make sure old files don't accumulate on the hard drive of a working system, especially physically insecure laptops etc. etc. It presumes the NTFS file system, of course.
will overwrite the free space on the C: partition with 0s, then 1s, then random data. I'm not sure if it gets slack space.
Of course, a very slim possibility remains that sophisticated and expensive physical analysis will still recover data from disks wiped in this manner. Unless you've seriously honked off the NSA, however, these should provide sufficient protection for most uses.
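An added example, not the commenter's original commands: a multi-pass pseudo-random overwrite along the lines of the `seq` loop described in the comment above, followed by a check that a known record can no longer be read back. It runs against a constructed scratch image file standing in for a retired disk; the function names, the sample record and the choice of `/dev/urandom` as the pseudo-random source are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the poster's original commands): overwrite a target
# N times with pseudo-random data, then check that a known string is gone.
# The target is a constructed scratch image standing in for a retired disk.

target_size() {
    # Size in bytes: block devices via blockdev (util-linux), files via wc.
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

wipe_passes() {
    # usage: wipe_passes TARGET PASSES
    target=$1
    passes=$2
    [ -w "$target" ] || { echo "cannot write $target" >&2; return 1; }
    size=$(target_size "$target") || return 1
    for pass in $(seq "$passes"); do
        # Exactly $size bytes from the kernel PRNG, written in place.
        head -c "$size" /dev/urandom |
            dd of="$target" bs=64k conv=notrunc 2>/dev/null || return 1
        sync
    done
}

still_contains() {
    # usage: still_contains TARGET STRING; true if STRING is still readable
    grep -a -q -F -- "$2" "$1"
}

demo() {
    img=$(mktemp) || return 1
    # Constructed sample: 256 KiB of zeros with a fake record in the middle.
    head -c 262144 /dev/zero > "$img"
    printf 'ACCT=0000-CONSTRUCTED-SAMPLE' |
        dd of="$img" bs=1 seek=100000 conv=notrunc 2>/dev/null
    still_contains "$img" 'CONSTRUCTED-SAMPLE' && echo "before: record readable"
    wipe_passes "$img" 10
    still_contains "$img" 'CONSTRUCTED-SAMPLE' || echo "after: record not found"
    rm -f "$img"
}

demo
```

An overwrite issued through the block device does not reach sectors the drive has already remapped, which is the case the SECURITY ERASE commands mentioned earlier in the thread are meant to cover.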