Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Your Banking Information Accidentally On Ebay?

Posted by timothy on from the banking-information-eh dept.

GraWil writes "The Toronto Star is reporting how two Bank of Montreal computers containing thousands, of sensitive customer files were sold to a student who fixes up machines and then resells them on eBay. It seems that the company responsible for scrubbing the disks (Rider Computer Services Ltd.) misfiled the machines in their warehouse and it was assumed they had been erased." It's not the first time this sort of thing has happened.

11 of 205 comments (clear)

  1. My take by Matrix2110 · · Score: 3, Insightful

    My take on the whole issue is that somebody caught it and went public with the information soon enough to prevent damage.

    Lets hear it for the unsung heroes in life.

  2. I don't get it.. by Heartz · · Score: 4, Insightful
    But why don't banks just destroy the Hard Disks before selling off the Machines? No matter how much one scrubs off a HDD there's always the risk of exposure of private details of clients.

    They should just get rid of it and save us all alot of headaches while recouping some money from the second hand machine.

    1. Re:I don't get it.. by gl4ss · · Score: 4, Insightful

      most countries armies don't have such a problem of making sure of it(that harddrives don't leave the place, even if other computer scrap leaves).

      heck, everyone should make sure of it.

      it's not like you can set the company premises on fire even if you're not the one set to the ceromonial position of "the one who does not set the premises on fire".

      anyways.. they outsourced that problem to somebody who was willing to say to them(bank) that they're clean.

      --
      world was created 5 seconds before this post as it is.
  3. Destroy, don't sell by Ckwop · · Score: 5, Insightful

    Personally, i think that any hard-drive that has been used for that purpose should be securely destroyed instead of being sold. Simon.

  4. PR Shills by CaptainZapp · · Score: 5, Insightful
    "Our number one priority as an organization is the protection of customer information," said Dina Palozzi, chief privacy officer for the bank, which swiftly seized the computers' hard drives on Saturday afternoon within 24 hours of learning their whereabouts. "This kind of issue we take very, very seriously."

    Don't you just love it? If protection of customer information indeed is your number one priority then why the fsck don't you have procedures is place, which make such a blunder outright impossible? And if you do have such procedures in place why don't you enforce them?

    Are those PR liars (and what else could such a "chief privacy officer" making such an outragous statement actually be?) all cranked out by the Forked Tongue Institute for Marketing & PR, or what?

    --
    ich bin der musikant

    mit taschenrechner in der hand

    kraftwerk

    1. Re:PR Shills by Rogerborg · · Score: 3, Insightful

      Never mind, they can console themselves with the thought that despite bungling their number one priority, they still managed to hit their number two goal, which is to turn a metric assload of other people's money into an assload and a half simply by shuffling it around.

      --
      If you were blocking sigs, you wouldn't have to read this.
  5. not much of a worry.... by Lumpy · · Score: 4, Insightful

    First off unless the entire IT department of the bank are complete morons, most financial data is NOT kept on loacl machines but the file server and the main database machines.

    I know that the caches and things MAY hold some sensitive data but it's highly unlikely.

    Unless the person that used that PC in the bank was also a incompetent boob and say saved a spreadsheet of 200 credit card numbers and information in the local drive (why the hell are you making an insecure document like that?) it's only a mild security breach.

    It shakes the confidence of the customers more than anything else.

    --
    Do not look at laser with remaining good eye.
  6. Copyright? by Quixote · · Score: 5, Insightful
    Here's a question. Why is it that the RIAA can (with a straight face) claim that each of their songs that a person shares is worth $150K, and yet my private information with the bank is worth zilch? Why is it that the RIAA can get $12K from a 12-year old girl and yet the general public can get nothing from these companies that share our private information?

    Shouldn't customers' private information have at least as much rights as some stupid Brittany Spears song?

  7. The bank thanked Ellis... by dpbsmith · · Score: 3, Insightful

    Bravo to them! A refreshing change from all the stories of corporations responding to security issues by shooting the messenger.

    --

    "How to Do Nothing," kids activities, back in print!

  8. Secuirty Check by failedlogic · · Score: 4, Insightful

    Gov't employees, military personnel and law enforcement in sensitive areas have to go through a background check.

    This begs the question, what sort of background checks are performed on the technicians fixing the computers? And what sort of computer security experience do they have?

    I would at least expect a "student" not be employed in this type of position. Give it only to a qualified full-time employee w/ good compensation and benefits - that in itself should be a deterrent.

  9. It's not the reseller's fault by Awptimus+Prime · · Score: 3, Insightful

    The banks should have 0'd or trashed these drives before selling them. I see this type of neglect as soley the responsibility of the bank.

    Why? Well, if you hire an accountant and don't double check his work, it's your arse. Why should it be any different with a corporation's responsibility when it comes to guarding customer data?

    Personally, I would like to see more laws guarding US. Not slapstick anti-terrorism laws directed at destroying personal privacy, but real laws that protect real people. As we are the source of America's economic might. At the point where citizens don't have money to throw at giants, then the giants won't exist anymore. At least, not inside our borders.