Is Your Banking Information Accidentally On Ebay?

GraWil writes "The Toronto Star is reporting how two Bank of Montreal computers containing thousands, of sensitive customer files were sold to a student who fixes up machines and then resells them on eBay. It seems that the company responsible for scrubbing the disks (Rider Computer Services Ltd.) misfiled the machines in their warehouse and it was assumed they had been erased." It's not the first time this sort of thing has happened.

I don't get it..

[Heartz]

But why don't banks just destroy the Hard Disks before selling off the Machines? No matter how much one scrubs off a HDD there's always the risk of exposure of private details of clients.

They should just get rid of it and save us all alot of headaches while recouping some money from the second hand machine.

Re:I don't get it..

[gl4ss]

most countries armies don't have such a problem of making sure of it(that harddrives don't leave the place, even if other computer scrap leaves).

heck, everyone should make sure of it.

it's not like you can set the company premises on fire even if you're not the one set to the ceromonial position of "the one who does not set the premises on fire".

anyways.. they outsourced that problem to somebody who was willing to say to them(bank) that they're clean.

Destroy, don't sell

[Ckwop]

Personally, i think that any hard-drive that has been used for that purpose should be securely destroyed instead of being sold. Simon.

PR Shills

[CaptainZapp]

"Our number one priority as an organization is the protection of customer information," said Dina Palozzi, chief privacy officer for the bank, which swiftly seized the computers' hard drives on Saturday afternoon within 24 hours of learning their whereabouts. "This kind of issue we take very, very seriously."

Don't you just love it? If protection of customer information indeed is your number one priority then why the fsck don't you have procedures is place, which make such a blunder outright impossible? And if you do have such procedures in place why don't you enforce them?

Are those PR liars (and what else could such a "chief privacy officer" making such an outragous statement actually be?) all cranked out by the Forked Tongue Institute for Marketing & PR, or what?

not much of a worry....

[Lumpy]

First off unless the entire IT department of the bank are complete morons, most financial data is NOT kept on loacl machines but the file server and the main database machines.

I know that the caches and things MAY hold some sensitive data but it's highly unlikely.

Unless the person that used that PC in the bank was also a incompetent boob and say saved a spreadsheet of 200 credit card numbers and information in the local drive (why the hell are you making an insecure document like that?) it's only a mild security breach.

It shakes the confidence of the customers more than anything else.

Copyright?

[Quixote]

Here's a question. Why is it that the RIAA can (with a straight face) claim that each of their songs that a person shares is worth $150K, and yet my private information with the bank is worth zilch? Why is it that the RIAA can get $12K from a 12-year old girl and yet the general public can get nothing from these companies that share our private information?

Shouldn't customers' private information have at least as much rights as some stupid Brittany Spears song?

Secuirty Check

[failedlogic]

Gov't employees, military personnel and law enforcement in sensitive areas have to go through a background check.

This begs the question, what sort of background checks are performed on the technicians fixing the computers? And what sort of computer security experience do they have?

I would at least expect a "student" not be employed in this type of position. Give it only to a qualified full-time employee w/ good compensation and benefits - that in itself should be a deterrent.