Sale of one million bank account details on eBay highlights data security threat

An old PC containing the bank account details of over one million customers has been sold on eBay’s British auction site for a paltry $75.

An old PC containing the bank account details of over one million customers has been sold on eBay’s British auction site for a paltry $75.

The computer belonged to data processing company Mail Source, a subsidiary of Graphic Data, a company that holds financial information for banks and other organisations.

It is believed a Mail Source employee removed the computer from the company’s secure site in Essex and sold it on eBay, mistakenly believing the computer was clean.

The details, including account numbers, maiden names and signatures, belonged to customers of American Express, NatWest and the Royal Bank of Scotland.

Graphic Data says it is investigating the matter and eBay says such an item should not have been offered on the site.

It is the second big data security breach in Britain in a week. A few days ago, a computer containing the personal details of every prisoner in England and Wales was lost by a government official.

Spokesman for consumer group Choice, Christopher Zinn, says Australian consumers and businesses should not underestimate the threat to their data.

“We read about these things happening overseas with depressing regularity; it would be naive to think it isn’t happening here.”

Not that people would necessarily know if their details go missing. Under Australia’s national privacy principles, organisations are not required to inform individuals if a breach of security means their personal details are lost, stolen, leaked or misplaced.

“If you’re data has done a runner, you need to know as quickly as possible so you can do something about it,” Zinn says.

The Australian Law Reform Commission’s recent report into Australia’s privacy laws recommended closing this loophole, but Zinn says this recommendation could take years to be enacted.

As an interim measure, some organisations that handle sensitive data have voluntarily agreed to tell individiuals when data is lost.

“It’s something we’d like to see. Companies need to be much more responsible in their safeguarding of data.”

Zinn’s advice for consumers and business is to be very, very careful about who you give your data to.

“Look for the organisation’s various accreditations and safeguards and make sure you give your details to people who deserve it and actually need it.”

Related stories:

COMMENTS