Hundreds of Bank Account Details Left In London Pub

twoheadedboy writes "Another day, yet another data security failure. Two companies have been found in breach of the Data Protection Act after tens of thousands of tenants' details were left at a London pub, alongside 800 records with bank account details. A contractor who had stored data from two different companies on an unencrypted USB drive was responsible. We've all lost things on a night out, but rarely is it other people's banking information. The two firms involved have been told to get a grip on their security procedures, but they escaped a fine from the ICO."

Not even a fine?

[captainpanic]

Companies are legal entities that can get away with far too much!

The police can usually be quite creative when it comes to punishing people when they do something stupid on a night out. There are vague concepts like 'public disorder' or 'disturbing the peace' which allow them to lock up someone for at least a night. Can't they apply that to a company that gets drunk? Close it down for 12 hours until it's sober again?

Re:Not even a fine?

Companies are the sacred cows of capitalism. They create wealth. They run the economy. They are immortal. They can freely move across borders. They are untouchable.

This is especially true in countries where the corporations and the governments are essentially the same.

You and me, we're expendable. They aren't.

Re:Not even a fine?

[bkpark]

Companies are legal entities that can get away with far too much!

Really? Do you get caught and punished every time you do something bad? I've frankly sped (at 10, 20+ mph above posted limits) many times and done things that I'd be too embarrassed to admit on Slashdot. I've not been caught or punished for any of these transgressions. Yet.

All persons (both real and legal) get away with a lot of things they do; after scaling for size and influence of each person, I don't think there's a preferential treatment for either corporations or real persons.

If there's one entity that gets away with far too much, it's the government. Take their accounting rules for example; if any private corporation accountant used the same rules as the government (in counting liabilities, especially), that would land him in jail.

Re:Not even a fine?

totally on agreement with your statement!

Re:Not even a fine?

[Bert64]

But the point is that if you were caught doing 10-20mph above the posted limit you would almost certainly be punished for doing so...
Whereas many corporations are caught doing illegal things, and simply aren't punished at all.

There's a difference between simply not being caught, and being caught but let off with little or no punishment. The fact we hear about something in the news means they've already been caught, how many other crimes go undetected?

Re:Not even a fine?

[jhoegl]

Wow...
I mean it is really obvious to your lopsided opinion on this, but I wonder if you really think that or not.
The reality is that both entities, corporate and government are made up of people... people will do stupid things and probably at the same percentage or rate as both entities
However, to read what you wrote, you tend to think that there are far more people doing stupid things in Government than business. Where do you get your opinion from? One can only guess, but it seems statistically flawed
However, to counter your point. I feel that everyone should be subject to laws, and if they break them... accept the consequences. Do not bitch, moan, bribe, cajole, mope, PR blitz, pay someone to throw a pie at you during a hearing, or toss empty pity apologize and then fall asleep during the hearing.
Take it like a grown up, admit your wrong and go about life. Frankly, any excuse such as the ones above is a cop out and you are lower than a bottom feeder in my eyes.

Re:Not even a fine?

[arglebargle_xiv]

The two firms involved have been told to get a grip on their security procedures

If it happens again, they have to go see the headmaster. After that, it's a note to their mother. Then, things get really serious. Wet bus tickets will be involved.

Re:Not even a fine?

[captainpanic]

A 100 euro fine is normal for a person making a relatively minor mistake... like doing something stupid while drunk, or speeding 10-20 mph.
100 euro is 0.25% of a regular annual income of 40000 euro/year...

I'd like to see a big business take a fine of 0.25% of the revenue (revenue, not profit, obviously) for relatively small mistakes.
Take British telecom (mentioned earlier in this thread) for example: A revenue of about 30 billion euro / year. A minor mistake should lead to 0.25% of 30 billion = 75 million euro.
And that's for small mistakes.

It would certainly bring an extra incentive to be careful.

Re:Not even a fine?

[GeckoAddict]

The difference is that companies (especially large ones) have teams of lawyers to shoot down those charges, or at least stall them long enough to make it not worth the time, while an individual does not. Same thing applies to the rich.

Re:Not even a fine?

[Calos]

>> I mean it is really obvious to your lopsided opinion on this, but I wonder if you really think that or not.

What does that even mean? What is really obvious?

>> The reality is that both entities, corporate and government are made up of people... people will do stupid things and probably at the same percentage or rate as both entities

I'd disagree. I have experience in both sectors, and from what I have seen... People in private entities are held more accountable for their actions. You can easily be demoted, not-so-easily fired (but it's still possible), and reassigned to jobs you don't like to limit the amount of damage you can do. In the public sector, it's almost impossible to do those things. What's more, screw up enough and you may find yourself in a new position - not with crappy work, but with almost no work. Still taking a salary, not trusted to do a thing, but can't be gotten rid of. What's more - corporations often have bonus incentives based on personal and company performance, which makes people more invested in not screwing things up.

People will do stupid things. But they'll do them less if they have an incentive not to.

>> However, to read what you wrote, you tend to think that there are far more people doing stupid things in Government than business. Where do you get your opinion from? One can only guess, but it seems statistically flawed

Two things...

First, the two aren't directly comparable - what governments do is different than what corporations do. Corporations are self-interested; they are less likely to make stupid decisions because those decisions hurt themselves. Governments' decisions act primarily not on the government, but on others. And there are always people who think they know best how someone else should run things... made all the worse if they benefit from it. So, it all comes down to what constitutes a "stupid decision," but government is intrinsically set up in a manner that doesn't seek to avoid them, as is the case for a corporation.

Second, "it seems statistically flawed." No, because there's no statistics in play here. All you've basically said so far is that you disagree with his interpretation. But you have no statistical grounds to claim that; it's merely a difference of opinion.

>> However, to counter your point. I feel that everyone should be subject to laws, and if they break them... accept the consequences. Do not bitch, moan, bribe, cajole, mope, PR blitz, pay someone to throw a pie at you during a hearing, or toss empty pity apologize and then fall asleep during the hearing.

How is that at all a counter to what he said? He didn't claim that everyone shouldn't be subject to the same laws, nor advocate slimy ways of getting out of it. All he said was that in his eyes, people and corporation are being treated equally. You can disagree with that, fine. But do it directly.

Also, personal pet peeve: stop "feeling" things and start "thinking" them.

>> Frankly, any excuse such as the ones above is a cop out and you are lower than a bottom feeder in my eyes.

What excuses are they?

Re:Not even a fine?

[bkpark]

Take British telecom (mentioned earlier in this thread) for example: A revenue of about 30 billion euro / year. A minor mistake should lead to 0.25% of 30 billion = 75 million euro.
And that's for small mistakes.

Revenue is the wrong number to use. Use the percentage of earnings (or, if not actual reported earnings, at a minimum, revenues minus expenses directly related to generating those revenues), which is more comparable to a person's salary. You should arrive at a figure in the millions or hundreds of thousands, and guess what—that *is* what corporations get fined rather routinely when they do something bad that they do get caught (this isn't to say they always get caught when they do something bad, but for that, I go back to my original point).

Re:Not even a fine?

Yup and higher fees to customers of the bank.

Re:Not even a fine?

[GaryOlson]

Such dreary and damning words first thing in the morning.
I need to go to the pub for breakfast and beer.

Re:Not even a fine?

Nope, revenue is best. He used the income not the savings of a regular person.

Re:Not even a fine?

[Elbart]

Two beers then.

Re:Not even a fine?

[captainpanic]

Revenue is the wrong number to use. Use the percentage of earnings [...]

You can argue that it must be paid from earnings (that's profit, isn't it?), or revenues minus expenses. Fair enough. But then we do that on both sides of the equation: We also calculate the percentage of a 100 euro fine compared to my annual savings.

Companies can put a LOT of stuff on expenses. They can put new shiny offices, heating and electricity, transportation including business trips and team-building events, new furniture, and company dinners and even the investments and expansions on expenses.
So, I'll do the same. And what do you know, I have hardly ANY savings at all. If I take my income, and subtract the rent, the food, all shoppings, an occasional party and my holidays, then there's nothing left. So, the 100 euro fine is close to 100% of my savings (because I'll actually have to reduce expenses to pay it).

It's fine by me to use this method to calculate it. Still, I think revenue is more fair.

Re:Not even a fine?

I'd disagree. I have experience in both sectors, and from what I have seen... People in private entities are held more accountable for their actions. You can easily be demoted, not-so-easily fired (but it's still possible), and reassigned to jobs you don't like to limit the amount of damage you can do. In the public sector, it's almost impossible to do those things. What's more, screw up enough and you may find yourself in a new position - not with crappy work, but with almost no work. Still taking a salary, not trusted to do a thing, but can't be gotten rid of. What's more - corporations often have bonus incentives based on personal and company performance, which makes people more invested in not screwing things up.

People will do stupid things. But they'll do them less if they have an incentive not to.

I disagree with your disagreement. Government screws up in quantity, private entities screw up in quality. In the end, they both screw up.

We don't hear about private sector screw ups as often, but when they do screw up (when, not if) its often huge.

And don't forget the scale: a private entity are not obliged to care for anybody but themselves (specifically their shareholders). Government has the obligation, in theory, to care for all of its subjects. This means government is held accountable for more things, and get blamed for more things. In fact, sometimes when the private sector screws up, the government gets blamed (as well, or in the private sector's place) because "they were supposed to keep those companies in line" (but then the other side complains how the government should stay out of private sector's business)

Of course, I can also argue that they're in this together, so it doesn't matter which one screws up more.

Re:Not even a fine?

[Andrewkov]

Don't leave your USB drive there..

Re:Not even a fine?

That wouldn't work. A corporation is a puppet, not a being (If a child teases his sibling with a sock puppet does giving the sock a time out solve anything?). If you want to change the behavior of corporations you need to make the rewards and punishment changes to the people in charge. That would be the owners (share holders).

Fine every shareholder indavidually an amount comparable to what you would fine an individual for doing the same thing and you have the start of a way to punish corporations for their miss-deeds (you'll still have to solve the non trivial problem of unequal responsibility due to different share holders having different amount of say in the choices made).

Re:Not even a fine?

[nedlohs]

So their customers move to other banks and they go bankrupt. Or they eat it by paying fewer/smaller bonuses for a couple of years and keep their customers and stay in business.

Re:Not even a fine?

[rubycodez]

"breakfast and beer", I didn't realize they had to be stated separately.

If I owned a pub open early in the day, I would do like the cereal manufacturersfor a TV commercial: "Our pilsen is a delicious part of this balanced breakfast!"

Re:Not even a fine?

[biodata]

If you fine the company, isn't this the same thing? You are taking value away from the capital value of each shareholder's assets in proportion to their holding. Agreed, it doesn't get around the fact that most have no say anyway, but it seems equitable. The main problem is that fines are always so small that the shareholders never notice.

Re:Not even a fine?

[Nimey]

Finland has an excellent law in this regard: fines are scaled in proportion to the perp's wealth. This means that an average person might pay (say) 25 euros for a moving violation, but a really rich person would pay tens of thousands.

If the purpose of a fine is to dissuade people from doing something, then this is an excellent idea - a rich person would never notice 25 currency units, nor would a company.

Re:Not even a fine?

[RockDoctor]

Take British telecom (mentioned earlier in this thread) for example: A revenue of about 30 billion euro / year. A minor mistake should lead to 0.25% of 30 billion = 75 million euro.
And that's for small mistakes.

By comparison, a couple of years ago when Shell Expro had a major gas leak in a production platform leg, killing two and putting several hundred at risk (if the gas had exploded, then one of the platform's three legs would have collapsed, dropping the whole platform into the sea in a matter of seconds to minutes) ; their fine was on the order of £700,000 and was a national record high at the time. I'm not sure if it's been topped yet.

Oh, there were other issues involved ; they'd ignored improvement notices, the gas line had been patched repeatedly (with plastic sheeting and jubilee clips) ; their alarm and emergency response procedures fucked up big style. SNAFU.

Re:Not even a fine?

[Bert64]

Or they raise their fees so they can continue paying the same or larger bonuses, and then when on the verge of bankruptcy they go to the government and ask for a handout.

Re:Not even a fine?

[nedlohs]

If the government is stupid enough to bail out a bank which is broke because they have next to no customers (the opposite of too big to fail), then that's not really a problem with the bank...

Why didnt they get a fine?

Why didnt they get a fine? The whole point of these acts is to stop this sort of thing happening so what is the exception? Lets see -

"The device contained details of over 20,000 tenants of Lewisham Homes and 6,200 from Wandle Housing Association. Almost 800 of the records belonging to Lewisham Homes also contained tenants’ bank account details."

So let 800 records that include customer bank accounts into the wild and no fine? But if I park my car on the street for an hour too long I get one. mmmm

Re:Why didnt they get a fine?

[Dunbal]

Not only did they not get a fine, the contractor's name hasn't even been published so we have no idea who it is. Lewisham Homes and Wandle Housing are the names of the companies whose client's data was leaked. But the name of the contractor responsible for the breach has not been released. So you could end up hiring/contracting this guy.

Re:Why didnt they get a fine?

[xaxa]

The article says "The ICO will only enforce a monetary penalty when it believes there has been noticeable damage to affected parties."

Re:Why didnt they get a fine?

[lucidlyTwisted]

The ICO is a toothless waste of tax-payers' money. They couldn't even be arsed to do anything about BT's use of Phorm.
Fines should apply immediately (say £100 per breach), and quadrupled if the company did not disclose the breach itself. So in this case the contractor/councils should be staring down the barrel of a circa £2.6million fine. But they won't. All that will happen is that a few civil servants will be promoted, the council will mutter "lessons learned", the ICO will crow about monitoring its own navel and nothing will change.
Why the **** does a contractor need to take that amount of information out? Give them a limited VPN and a key to access what they need. Simples.
And disable USB - that has no business being enabled for typical end-users in a corporate/council environment.

Re:Why didnt they get a fine?

[Skapare]

So basically, there will be no incentive to prevent damages. And since the people who are damaged won't know who did it, it won't really ever come back to them. It sure sounds to me like the whole ICO is just a crock. My bet is they are all bribed.

more details

[rbrausse]

the BBC article has some more depth (and the site is _much_ faster...). the most interesting sentence is "The memory stick was handed into the police on the weekend of the 5th March and safely retrieved." (emphasis added)

why took it 5 months to disclose the data breach?

re: more details

[ed.han]

this is normal in the case of data breaches. usually, an investigation is done to determine scope/size of privacy breach. and remember the sony "what outage" story from earlier this year.

i'm mystified as to why the contractor in question isn't being named. that is an absolutely inexcusable lapse in judgment.

Re:more details

why took it 5 months to disclose the data breach?

Why took it 5 months? Speaking like Yoda we are, hrrmmmmm?

Re:more details

[Curmudgeonlyoldbloke]

Probably because the ICO waited until the Silly Season before releasing the press release so that it got picked up by the news media. I doubt that any actual "investigative reporting" was involved.

Re:more details

why took it 5 months to disclose the data breach?

It was a Sony thumb drive.

So no punishment at all? Really?

[rebelwarlock]

From the article: "The two housing companies have agreed to ensure all portable devices are encrypted. Contractors, as well as other staff, will also have their personal data handling monitored."

All they had to do was say they'd be more careful next time, and that was good enough? I almost feel safer hiding my money in a box under my bed at this point.

Re:So no punishment at all? Really?

What guarantees have they given that the encryption will be properly implemented? I have seen many systems where although the disk was encrypted, the system booted up on its own therefore the key was stored on the device meaning its only a matter of skills and equipment to retrieve the key.

Also a lot of such encryption software is badly written, and has numerous exploitable vulnerabilities - check out http://www.digit-labs.org/ for examples of some...

And then you have the ridiculous "approved disk encryption products" lists provided by governments and other certification bodies... The approval processes are generally extremely flawed in many different ways... They are expensive, so they create a cartel of providers, the approval process is slow and the combination of these issues ensure that approved versions always lag behind the generally available versions... Also the approval process is generally very weak and not very transparent, its rare that source code will even be examined during such a process for instance, they usually boil down to vendor paying a lot of money and providing a list of features, and they simply check that those features exist...
For a good laugh, compare the products with vulnerabilities disclosed on digit-labs.org with the list of approved encryption products published by various places, you will find that a number of product versions are still on the approved lists despite having exploitable published vulnerabilities.

EBKAC

The classic Error between keyboard and chair, or the post it on the screen with the ultrasupersecret password, or the run this exe file to see Hillary Clinton naked. It doesn't matter how secure systems are developed. The weakest point of the chain will be always us, the ones who are operating the system.

Re:EBKAC

[nevillethedevil]

That would actually be the most secure .exe file ever created. No one is ever going to run it.

No worry, love

The whole world's gone bloody well pear-shaped, I tell ya. Those accounts won't be worth a farthing next fortnight anyhow. Another pint, while me money's still worth something.

The ICO is useless

[Heed00]

The ICO has failed time and time again to bring sanctions against infringers. Hell, BT tapped 100's of thousands of its customer's internet connections and never was sanctioned by the ICO or brought before a court to answer for its crimes. The ICO seems to take the attitude that the offenders just simply made a mistake and can't we just forget about it as we're sure they are sorry now -- they took action in just over 1% of cases and levied fines far less than that:

...the ICO acts on just 1.4% of data breaches and only fines 0.15% of offenders.

http://www.techwatch.co.uk/2011/04/22/ico-penalises-less-than-1-of-security-breaches/

Re:The ICO is useless

[Rich0]

Yup, if everybody gets one free warning and the risk of prosecution is low to begin with, then there is virtually no incentive to not commit a crime.

Re:It's clear what the problem is

[Sulphur]

Reminds me of the other story of the memory device left in a pub.

Clearly, pubs are dangerous places. Let's close them all down.

That was meant ironically, for all of you tards on /. who see a troll under every bridge.

Lost your memory in a pub? I thought that was why one went there.

Re:It's clear what the problem is

some times you loose memory, sometimes you retrieve old memories leaving new ones behind! Darn those pub's!

How in this day and age

[mr100percent]

How in this day and age are companies still doing this? Are PHBs still demanding the company put everything in a single spreadsheet with no password?

Do they just not know of Vista's BitLocker or Mac's FileVault?

Re:How in this day and age

[Pieroxy]

Do they just not know of Vista's BitLocker or Mac's FileVault?

They probably run XP...

Yay for human error

[xatm092]

The drive should have been encrypted, but can't really blame the guy for being human. We've all told ourselves over and over again not to forget we just put a pizza in the oven and then 20 minutes later start to smell burning.

Re:Yay for human error

No, that's why someone invented the timer...

Re:Yay for human error

[hawkinspeter]

There's absolutely no excuse as to why the drive wasn't encrypted. I totally blame the guy for knowingly transferring other people's data onto an unencrypted drive. Losing it is understandable (and would be forgivable if he'd encrypted it).

This is more like making a pizza with a dynamite topping and then leaving it in the oven too long (there's just no good reason to make a dynamite topped pizza).

Re:Yay for human error

[zippthorne]

Maybe it's a pizza for angina sufferers?

No, we haven't

[DoofusOfDeath]

We've all lost things on a night out

No, we don't all.

I wonder if the author is making excuses for what appears to be another incident stemming from Britain's wide-spread drinking problem. I can't think of any other country with as many stories of the form "restricted-access data from XXX was left in a pub by a contractor/employee with company/agency YYY". Maybe it's just that the British press covers this expecially aggressively, or maybe it's really that too many Brittons are foolish and irresponsible about alcholol consumption.

Re:No, we haven't

[itsdapead]

I can't think of any other country with as many stories of the form "restricted-access data from XXX was left in a pub by a contractor/employee with company/agency YYY".

I know its not exactly a USB stick with bank details, but other nationalities do quite famously leave things in bars that they probably shouldn't.

Maybe it's just that the British press covers this expecially aggressively,

Ding!

Re:No, we haven't

[Teun]

An insightful observation, the average Brit can't handle alcohol and goes straight for abuse.

Have a look in Amsterdam, when you see a drunk in broad daylight chances are nearly 100% he's a British 'tourist'.

This point alone should be an incentive for companies that handle sensitive data to enforce a good and drunk-proof security.

Re:No, we haven't

[JasterBobaMereel]

Left in Pub does not mean left in Pub by Drunken contractor - probably went in for food at lunchtime, and left it behind, just like others have left them on trains, taxi's etc when not drunk ....Pubs in the UK are very often not just Bars, they are nearer Restaurants with a Bar ...

There is a drinking culture in the UK, the problem is that the culture is to drink, without food, in order to get drunk, other countries drink as much, but with food (which lessens the effect), and consider being drunk to be ill mannered ...

Re:No, we haven't

[pz]

Exactly. "Pub" is short for "public house" which explains why they feel like someone's livingroom. That's the whole idea, and part of the culture: rather than sitting in your home alone during the evening, you can pop down to the pub and hang out with your friends in essentially the same atmosphere. Local pubs are one of the things that make travelling through the English countryside such a joy! I used to fly through London a fair bit and often would schedule a long stop-over so that I could pop in to town on one of the express trains and have lunch at a proper pub.

Re:No, we haven't

Is it a country related culture or just a generation related one? I've been in a few european countries, and hey, everybody drinks to get drunk, and getting drunk is considered to be this "fun thing".

Re:No, we haven't

[julesh]

Britain doesn't have a drinking problem, at least not to the extent that our media would have you believe. It's been hyped out of proportion on the back of badly designed government statistics, which reveal that large numbers of people regularly binge drink. At least, they do if you define "binge drink" as "drink more than the daily recommended alcohol allowance in a day", where the daily recommended alcohol allowance is 3 units for women or 4 for men (i.e. 2 pints of any reasonably strong lager is "binge drinking" by this definition), an allowance which has been described by the committee that originally set it as essentially a guess with no scientific validity, and probably too low. And even the basic principle of whether a daily allowance rather than a weekly one is a good idea is questionable, because to set a daily allowance you have to consider its effects on people who drink every day, but most people only actually drink once or twice a week.

Re:No, we haven't

[MoonBuggy]

It's actually defined as more than twice the daily limit, but the rest of your point still stands.

Re:No, we haven't

[Cederic]

A country one. Every generation goes through it.

I personally don't understand the appeal, but I'm deaf enough that pubs are horrendous conversation blackspots for me and I don't buy the "it's fun to get drunk" angle.

Then again, I bought a litre of vodka an hour ago.. :)

The UK does appear to drink differently to most other European nations. I personally put it down to the puritans and their fucked up approach to life - by demonising alcohol they influenced the country into a lifestyle that doesn't introduce children to alcohol in a gentle, progressive and controlled way. Instead of kids having a glass of wine with their dinner at the age of ten, they get to see their parents stagger in pissed out of their faces, told they aren't allowed any at all and so learn about alcohol on cheap cider in the company of their friends who are equally incapable of coping with it.

It's a long and noble tradition, or something :)

Time to lose mine

[TeknoHog]

We've all lost things on a night out

$ mv virginity /mnt/usb/

We got our priorities straight here...

[SeaFox]

Lose a prototype iPhone?
Men come busting in to search the apartment of the guy who buys it.

Lose a USB drive with 800 banking records?
A stern talking-to, but no fine.

Re:We got our priorities straight here...

[Threni]

Being involved with the sale of stolen property is a crime. Losing a USB key isn't.

Re:We got our priorities straight here...

[Syberz]

It's not as bad as you make it sound, I'm pretty sure there was finger pointing and the culprits had to "promise not to do it again" as well.

Re:We got our priorities straight here...

[biodata]

There is something called the data protection act that requires organisations which handle the private data of individuals to, like, protect it. We are all getting too used to the idea that when we give our personal data to a company, they somehow own it. They do not, and this is very clear in law, wherever sensible data protection legislation is in place.

Re:We got our priorities straight here...

[david_thornley]

Another difference: losing a USB stick doesn't usually involve claiming "I COMMITTED A FELONY!" on a very widely read blog. Do not taunt Happy Fun Police Officer.

Re:We got our priorities straight here...

[Cederic]

Lose a prototype iPhone: Get into shit at work
Lose a USB drive with 800 banking records: Get into shit at work
Sell someone else's property: Get investigated for receiving stolen goods, money laundering, etc.
Hand in USB drive found in pub to police: Get thanked.

I'm not seeing any major issues here.

Re:We got our priorities straight here...

One happened in the US the other in the UK. Different people have different priorities. Who'd thunk it?

Re:We got our priorities straight here...

[AmiMoJo]

The responsible course of action would be to anonymously post the data to Pastebin. Failure to do so will only result in the company in question getting off with little more than letter from the ICO.

Until there is an effective system in place to punish this sort of thing we are going to have to do it ourselves, and civil disobedience is justified. We have exactly the same problem with protests - they are utterly ignored until they turn violent for a sustained period. 2 million marched against invading Iraq but the UK did anyway. The Poll Tax protests were also ignored until people started throwing stuff at the police and generally vandalising stuff for weeks on end, after which the government eventually caved in.

In that sense we are pretty much the same as one of those Arab or African dictatorships where the only option is for the people to force the issue by breaking the law. There is literally no other way to have any effect in our democracy, except by voting once every five years. Voting is often futile though because the First Past the Post system means that the majority of people's votes don't count and all three parties have shown that they will happily carry on ignoring you if they do get in.

I wish it wasn't so, but it is.

Thank You!

[sgt+scrub]

I was wondering were I left those. If you just pass them along I would appreciate it. Please send to totallystoked@goingtodosomethingeviltoday.com

Totally.

[Elbart]

One was the secret property of our corporate gadget-overlords, the other mere bank-account-info of faceless people. To hell with those!

whoo

BOFH squeaked by again!

WTF???

[new+death+barbie]

What the hell was a CONTRACTOR doing wandering around with unencrypted BANKING information from TWO DIFFERENT companies?

Re:WTF???

What the hell was a CONTRACTOR doing wandering around with unencrypted BANKING information from TWO DIFFERENT companies?

Selling to other parties ?

Re:WTF???

Apparently the contractor was drinking in a pub. Did you RTFS?

Re:WTF???

[rubycodez]

yeah, maybe the contractor already got their big bucks for the stick, but the dumb-ass corporate spy later dropped it

Re:WTF???

[Cederic]

Welcome to the world of contracting, where you charge a high daily rate because you "get things done".

What you don't mention is that you get things done because you ignore all of the regulations, internal policies and procedures and other mechanisms designed to keep companies operating within the law and looking after their customers' data properly.

Sometimes you fuck up and get asked to leave your current contract - but don't worry, there'll be another one available within a week or two.

And contractors wonder why permanent employees hate the overpaid lying cheating bastards.

Re:WTF???

You're missing the point - management are usually aware of contractors punching holes in procedures... It's why they hired them in the first place, at the end of the day if it all goes wrong then sling out the contractor to appease the next layer up..

Rinse, repeat, lather

Your comment sounds like it comes from a perm who hasn't really cottoned on yet. Most contractors I know move from interesting perm roles into boring contract roles, and back again, as financial needs dictate.

We don't care if you hate us, we just look at our invoices at the end of the month and smile..

ID-10-T Consulting

[pinkushun]

Our Mission Statement:

- encryption is obsolete and unnecessary
- carry all client data in easily deposited usb drives for convenience
- go for a pint in the pub daily

Re:ID-10-T Consulting

[biodata]

Was just going to ask if this is the real company name then thought better. Honestly though, who was it? Someone must know.

Who needs to get hacked...

[MoldySpore]

...when you have employees like them?

Re:Who needs to get hacked...

[u38cg]

"Any attack that can be carried out by an outsider, can be carried out by an insider".

Why was it on a USB stick?

[mmcuh]

Who the hell brings tens of thousands of case details with them on a USB stick when they go to the pub? Taking a bit of work home over the weekend? Surely you would just access it on the employers VPN in that case?

The only plausible reason I can think of is that the person meant to give or sell it to someone who wasn't allowed to access it.

Re:Why was it on a USB stick?

[Uhyve]

Maybe he did sell it to someone who wasn't allowed access to it...

Re:Why was it on a USB stick?

It was a contractor, depending on the IT department's confidence of the company he was contracting for, it may have too much hassle to set up VPN access and don't forget if he was competent he would have used encryption even if he was selling it (he can give the buyer the passphrase once he's paid). Going for a drink in a pub after work isn't uncommon (especially on Friday's). Perfectly plausible.

I think the real answer to your first question is: Someone who shouldn't be trusted with confidential data.

Re:Why was it on a USB stick?

s/confidence/competence/

The English

[Voline]

"We do like our binge drinking" -- Maurice Moss

The BOFH strikes again!

That contractor must've been looking for a kickback... the Bastard never pays!

Cops'll rob you

Cops will break a window in your house and let themselves in while you're gone, saying "Oh, there was a broken window, we had to investigate."

The British security method

[Snaller]

Is to leave all secret documents all over the place, so eventually people get tired of reading all the stuff and leave it alone.