Slashdot Mirror


Computer With UK Bank Customer Data Sold On eBay

Walpurgiss tips a BBC News story about a man in Oxford who paid $140 for a computer on eBay, and was shocked to find on it bank records of several million customers of the Royal Bank of Scotland, its subsidiary NatWest, and one other bank. "Mr. Chapman said anyone with a basic knowledge of computer software would have been able to find the data fairly simply. 'The information was in back-up CDs and in ISO files so it would have been possibly quite easy to find...,' he said."

8 of 184 comments

  1. Honesty by Enderandrew · · Score: 5, Insightful

    Kudos to him for speaking up rather than trying to abuse the situation.

    --
    http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    1. Re:Honesty by PunkOfLinux · · Score: 5, Insightful

      Agreed, although we shouldn't be forced to think that doing the right thing is so rare that we must laud it.

      Still, good job.

    2. Re:Honesty by Anonymous Coward · · Score: 5, Interesting

      "Always do good. It will gratify some and astonish the rest." ~Mark Twain

    3. Re:Honesty by Dekortage · · Score: 5, Funny

      Man: "Look, I found eight million customer records on here!"

      Bank tech: "That's weird, we always stored ten million records in those databases..."

      Man: "Huh, no idea what happened to those other two million." (hides batch of CDs) "I can't believe you guys sold 8 million customer records on eBay!"

      --
      $nice = $webHosting + $domainNames + $sslCerts
  2. I got records from @home from an eBay purchase by jkinney3 · · Score: 5, Interesting

    I bought a pair of SGI Origin 200 machines that contained names, credit cards, and enough data to be a real problem for many thousands of people. The labels on the machines listed them as from @home which had closed their doors. I did the dd if=/dev/zero dance and reinstalled IRIX.

  3. Hand it back? by Mishotaki · · Score: 5, Interesting

    So in the article, they say that they expect him to hand "it" back... does that mean that the poor guy who paid 77£ has to give back the computer for free?

    Personally I'd charge a hefty sum to make them get back that computer, just to make them remember that he paid and he was nice enough to tell them.

    1. Re:Hand it back? by MichaelSmith · · Score: 5, Insightful

      I'd charge the pricks a consulting fee for my time. A few grand should cover it. I certainly wouldn't be handing back what is entirely his property; since he purchased it fair and square, they have no recourse.

      Do that and you go straight to jail, don't pass go, don't collect $200. Your consulting fee will be seen as extortion.

  4. Re:Defending the indefensible? by rapiddescent · · Score: 5, Informative

    As another tech contractor who has worked in the past at 113DS, FR and GF - I know what you mean about getting dev access or access to one of the gigantic machine rooms. I would say that RBS core systems and its brands (NatWest, Coutts, Ulster(s)) are extremely secure to the point of not being able to do any work. Even the due process to make a change to a production system is amazing, with full-time boards spending all day evaluating every change.

    From what I read on finextra.com, it looks like this box was owned by a supplier firm and subsequently was stolen by an employee of the supplier firm and sold on eBay. Also, the box had not been used since 2005 - perhaps an old server in the cupboard (of the supplier Graphic Data) that an employee thought they could sell on eBay. I am struggling to see how this would have happened as a badged RBS server at one of the EDI datacentres. They run a tight ship.

    One thing for sure, Graphic Data can kiss goodbye to their contract with RBS - one thing I know about RBS is that they are very worried about security breaches - especially public ones like this.