Slashdot Mirror


Computer With UK Bank Customer Data Sold On eBay

Walpurgiss tips a BBC News story about a man in Oxford who paid $140 for a computer on eBay, and was shocked to find on it bank records of several million customers of the Royal Bank of Scotland, its subsidiary Natwest, and one other bank. "Mr. Chapman said anyone with a basic knowledge of computer software would have been able to find the data fairly simply. 'The information was in back-up CDs and in ISO files so it would have been possibly quite easy to find...,' he said."


  1. Honesty by Enderandrew · · Score: 5, Insightful

    Kudos to him for speaking up rather than trying to abuse the situation.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    1. Re:Honesty by PunkOfLinux · · Score: 5, Insightful

      Agreed, although we shouldn't be forced to think that doing the right thing is so rare that we must laud it.

      Still, good job.

    2. Re:Honesty by Jimbob The Mighty · · Score: 4, Insightful

      No, given that the computer will be seized by the police as evidence in some sort of criminal case, somebody owes him a computer, as well as their thanks and a pat on the back.

  2. Re:it's all an equation by BLAG-blast · · Score: 4, Insightful

    Dummy says dummy...

    They made an ISO, made 3 CDs of each ISO (one for the filing cabinet, one for off site back up, one for the on site safe), then didn't bother deleting the ISOs...

    It's dumb, but not as dumb as your ideas.

    --
    M0571y H@rml355.
  3. Taking bets! by RyoShin · · Score: 4, Insightful

    How many days do you think it will be before the government tries to charge him with something or the bank in question tries to sue him? I'd be pleasantly surprised if neither happened.

    Also, the summary leaves out something that might affect those of us on the other side of the pond:

    A spokeswoman for the third company reported to be involved, American Express, said it took the security of its card members' data "extremely seriously".

    Bold mine. I know they have different branches for countries and such, but I wonder if any of this data crossed international bounds.

  4. Re:Hand it back? by MichaelSmith · · Score: 5, Insightful

    i'd charge the pricks a consulting fee for my time. a few grand should cover it. i certainly wouldn't be handing back what is entirely his property, since he purchased it fair and square they have no recourse.

    Do that and you go straight to jail, don't pass go, don't collect $200. Your consulting fee will be seen as extortion.

  5. Re:outbid by MichaelSmith · · Score: 3, Insightful

    Oh, crap.. i was outbid by £10. If only i knew the content..

    Why? He is going to lose the system and runs the risk of being locked up as a thief. I would say you dodged a bullet (unless you are joking).

  6. Re:I got records from @home from an ebay purchase by ScrewMaster · · Score: 3, Insightful

    Some twenty years ago, back when those orange plasma displays were popular, a girl I used to work with said she'd gotten hold of some Compaq portables, and would I want to buy one? She was only asking a couple hundred bucks (I believe they cost several thousand new at the time.) So I stopped by to take a look, thinking I could really use a machine like that. That line of thought lasted right up until the system finished booting and a custom menu appeared with the legend of a major national bank across the top. Given the price and the data on them, I figured they were hot (I asked what truck they'd fallen out of) and declined to buy one.

    That was then, now we're in the Age of the World Wide Web, and there's just no excuse whatsoever for loading down a portable (read: easily stolen) computer system with vast quantities of confidential data. In fact, that really ought to be a law with few exceptions: customer and personal data must be stored on a server that is both physically and electronically protected. Period.

    --
    The higher the technology, the sharper that two-edged sword.
  7. Re:Wait... what!? by Zaiff Urgulbunger · · Score: 4, Insightful

    You might not have seen the video clip with the article [I don't know if it's visible outside the UK] but the guy said he bought two servers, one booted and had been wiped, the other didn't boot. It didn't boot because it was missing its RAM (or the chip was unseated), so anyway, he sorted that out, booted it up and found the data.

    Soooo... one wonders if the machine didn't get wiped simply because the various techs could boot it and decided it was too much effort to move the drives to another machine?

  8. Re:Hand it back? by timmarhy · · Score: 4, Insightful

    it's my property, how can i extort someone when they WANT to purchase something i own? by that logic every service fee ever paid on new car sales is extortion.

    now if i went to them and said "pay me or i'll tell the media what retards your IT security guys are" that's extortion. but since it's already all over the news sites it's not possible to call it extortion.

    it's also pretty damn cheeky (and just the thing i'd expect from a bank) to expect him to just hand back his purchase.

    this would in fact be an interesting case to test in court as to who owns data when you purchase a pc. no doubt IP lawyers would be foaming at the mouth saying you're buying hardware not software (that might shoot some of their, but then this isn't software but plain data which they didn't license so he'd have a reasonable expectation that it came with the sale.

    --
    If you mod me down, I will become more powerful than you can imagine....