40 Million Identities Up For Sale On the Web

An anonymous reader writes "Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers, and even PINs are available to the highest bidder. The information being traded on the Web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of 40 million people worldwide, mostly Americans; four million are Britons. Security experts described the database as the largest of its kind in the world. The database is in the hands of Colin Holder, a retired senior Metropolitan police officer who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, such as British police and the FBI, anti-phishing and hacking campaigners, and members of the public. Mr. Holder said he has invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached."

Re:splitting hairs

[FromellaSlob]

The UK DPA also requires that he have a legitimate reason to hold this data in the first place, which would be either a direct customer relationship, or a third party one like a credit reference agency (where the customer gives permission for the third party data-sharing as part of their credit applications). It also requires that he hold it for no longer than strictly necessary for the purposes of said business relationship. The law in question thankfully makes this an explicitly opt-in thing, outside of government no-one can legally collect your data without your permission and then require you to opt out.