Slashdot Mirror

← Back to Stories (view on slashdot.org)

Computer With UK Bank Customer Data Sold On eBay

Posted by kdawson on from the fingers-pointing-in-a-circle dept.

Walpurgiss tips a BBC News story about a man in Oxford who paid $140 for a computer on eBay, and was shocked to find on it bank records of several million customers of the Royal Bank of Scotland, its subsidiary Natwest, and one other bank. "Mr. Chapman said anyone with a basic knowledge of computer software would have been able to find the data fairly simply. 'The information was in back-up CDs and in ISO files so it would have been possibly quite easy to find...,' he said."

12 of 184 comments (clear)

  1. I got records from @home from an ebay purchase by jkinney3 · · Score: 5, Interesting

    I bought a pair of SGI Origin 200 machines that contained names, credit cards, and enough data to be a real problem for many thousands of people. The labels on the machines listed them as from @home which had closed their doors. I did the dd if=/dev/zero dance and reinstalled IRIX.

    1. Re:I got records from @home from an ebay purchase by XanC · · Score: 2, Interesting

      Why would you encrypt when you could just write randomness?

      10 write zeros.
      20 write randomness.
      30 GOTO 10 (as many times as you like)

  2. Hand it back? by Mishotaki · · Score: 5, Interesting

    So in the article, they say that they expect him to hand "it" back.. does that means that the poor guy who paid 77£ to give back the computer for free?

    Personally i'd charge a hefty sum to make them get back that computer, just to make them remember that he paid and he was nice enough to tell them.

    1. Re:Hand it back? by timmarhy · · Score: 3, Interesting
      i'd charge the pricks a consulting fee for my time. a few grand should cover it. i certainly wouldn't be handing back what is entirely his property, since he purchased it fair and square they have no recourse.

      mind you in his day and age i wouldn't be suprised if he ends up in jail for his honesty, if it was me i wouldn't be saying anything. if i was a more desperate man i might even have sold those details online for a princely sum....

      --
      If you mod me down, I will become more powerful than you can imagine....
    2. Re:Hand it back? by Anonymous Coward · · Score: 1, Interesting

      Extortion for what? He bought the system and all of the items with it legally. By most laws, that data is physically located on his property, and is legally his to do with what he wants. The inadvertent sale is not his fault; it's pretty much akin (I would think; IANAL) to being sold a house with $25,000 in the attic.

      Which oddly, friends of mine had happen... and they reported and turned it over to the police. If the money has no illegal connections attached to it, it's theirs.

  3. Goodwill by gnu-sucks · · Score: 4, Interesting

    I bought a sun box at goodwill once and besides an intact customer database for several large companies, it also had the admin's personal backup files, including his "My Documents" folder, his Palm cell phone, and 1200 dpi scans of his passport. Oh, and some file called "passwords.doc". No idea what is in there...

    More details here:
    http://lfnet.net/blog/?p=41

    But yeah... wipe it before you get rid of it.

  4. Re:Honesty by Anonymous Coward · · Score: 5, Interesting

    "Always do good. It will gratify some and astonish the rest." ~Mark Twain

  5. Its stupid, but understandable by PPH · · Score: 2, Interesting

    Its tough to sell a machine with no O/S on it. Most buyers will take one look at the retail price of XP (for example) and subtract that from their eBay bid. Most sellers are unwilling to risk a complete disk scrub and reinstall. Even if they are, its doubtful that they still have (or ever had) media to do an install on a clean system. The most that the non-tech savvy will attempt is to drag the contents of 'My Documents' to the trash can icon.

    This is an opportunity for a Linux distro. Include an easy-to-use boot/nuke/install mode and offer them to people who put systems up for sale on various web sites.

    --
    Have gnu, will travel.
  6. Re:Wait... what!? by bernywork · · Score: 2, Interesting

    If the machine came in contact with this data, why the drives were even sold is beyond me. The drives should have been removed and run through a shredder / grinder.

    Any machine that contained data or could have contained such as this should have been through a more... robust... decomissioning process.

    --
    Curiosity was framed; ignorance killed the cat. -- Author unknown
  7. Re:Honesty by Anonymous Coward · · Score: 1, Interesting

    I've a shared $webHosting on bluehost -- i found bunch of text files in /tmp directory with credit card details.

  8. Re:I guess RBS stands for... by larien · · Score: 2, Interesting

    Except it wasn't them who lost the data, although what a 3rd party was doing with all those records I'm not sure.

  9. Re:Honesty by bit01 · · Score: 1, Interesting

    Kudos for him for speaking up rather than trying to abuse the situation.

    How do you know he didn't make a copy before speaking up? Get the cash and the kudos...

    ---

    Virus scanners don't detect M$ and US government trojans.