Slashdot Mirror


UK Banks Dump Credentials in Bin Bags

Plutonite writes "BBC News is reporting that several UK banks face 'unlimited fines' for careless handling of sensitive client information. This apparently came after investigators found account details while rummaging through the trash outside the banks involved. In this age of online banking and related security problems, and in light of this scandal, where can we expect to find the greatest threat of ID theft?"

7 of 87 comments

  1. Family Guy said it best: by Majik+Sheff · · Score: 4, Funny

    Frank: Gentlemen, I propose we send a message to tobacco companies by fining the El Dorado Cigarette Company infinity billion dollars!
    Congressman: That's the spirit, Frank! But I think a real number might be more effective.

    --
    Women are like electronics: you don't know how damaged they are until you try to turn them on.
  2. Re:Laws by James_Duncan8181 · · Score: 4, Informative

    Actually the Data Protection Act is UK law, and makes these fines possible. We have all the protections that USians on /. frequently wish for. From the relevant Act:

    2.1 Regarding the release of personal data to third parties without specific consent (or publication with the same effect), the assumption is that this is not permitted, except where specific exemptions apply. These exemptions now include:

    - where required by law or statutory instrument;

    - where required to prevent or detect crime;

    - where required to assess or collect tax or duty;

    - release to a third party who is sub-contracted to process the data in a way that meets DPA rules.

    2.2 With regard to subject access rights, the data subject is presumed to be entitled to access all personal data held about her/himself that falls under the scope of the new Act, with the following main exemptions (i.e. cases where the controller of the data may decline to release certain data, but must justify doing so):

    - where disclosure unavoidably identifies a third party;

    - where the data was supplied in confidence e.g. references and similar judgements (but please note that examiners' marks and/or comments cannot be assumed to be exempt from disclosure.)

    What else could you want? The Act allows for both civil and criminal penalties, so the banks may well be in for quite the can of whoopass.

    --
    "To any truly impartial person, it would be obvious that I am right."
  3. Not uncommon in the US by truthsearch · · Score: 4, Interesting

    Many financial institutions' IT departments in the US have no policies for paper shredding. I was always mindful to shred account information, but many of my coworkers were not. No rules were published and I've never heard it brought up as an issue by management.

    You might be wondering why IT staff would have account information on paper. There are a variety of reasons. Periodic statements still go to most customers by paper, and the IT departments are responsible for their automation. A large percentage of people on the business side still like to see reports on paper and often the IT department is responsible for generating them. We are very far from having paperless companies. And in my experience paper disposal policies are largely missing or ignored.

  4. it ain't ever been safe by eneville · · Score: 4, Informative

    time to store all my money under the mattress now.

    it's not really easy to get money out the banks though. they open after i start work, close before i finish, they're difficult during the lunch hour. hell, the only people they're accessible to are bank robbers.

  5. Not in corporate offices by truthsearch · · Score: 4, Insightful

    Most corporate Windows machines are behind firewalls. They're not perfect, but they're pretty good. Windows servers are almost always set up behind even more strict firewalls. Ideally servers exposed to the internet are on a different network segment than the internal servers containing even more data.

    The greatest threat to ID theft has always been humans. The vast majority of security breaches are from social engineering.

  6. Re:Sounds like airport security by MrShaggy · · Score: 4, Funny

    Of course.

    If you are digging around in the bank's garbage, you must be a terrorist.

    --
    I have mod points and I am not afraid to use them.
  7. My father's story... by IcebergSlim · · Score: 5, Interesting

    5 or 6 years ago my father came down with cancer, and his wife (now ex) took over the regular task of managing the finances of the household, etc. (This was in Wisconsin.) She also took it upon herself to fraudulently clean out his "Federally Protected" IRA, all of his *non-joint* accounts, filed false tax returns, and then ran up tens of thousands of dollars in debt in his name (hiding the statements and records to keep the game going as long as possible). She even bought a $20,000 diamond ring and a Mercedes for herself -- all while my father was going through radiation treatment and surgery, etc. Finally, the house of cards came tumbling down, the police were notified, and she admitted everything.

    The result, 5 years later: We found out that the bank had known this fraud was taking place on his accounts (we have one of their internal documents explicitly stating this), yet they covered this up during the discovery process and only gave it to us years later. She's never been arrested nor paid any restitution for what she did, the "Federally Protected" IRA was never reinstated, and a judge in Wisconsin had my father put in jail for refusing to give her his car, which the judge had mistakenly awarded to both of them during the divorce trial. My father sued the bank and has recovered nothing to date.

    Your money is not safe, and no one cares.