Wednesday, August 27, 2008

Banking Information of More Than One Million People Sold on eBay

Here's an interesting twist on recent data breach news. Forbes reports that a computer containing the banking security information of more than one million people has been sold on the popular auction site eBay. The Royal Bank of Scotland announced that a computer, which belonged to an archiving company called Graphic Data and contained information from credit card applications of some of the bank's customers as well as data from other banks, was inappropriately sold to a third party. The data on the computer included passwords, account numbers, cell phone numbers, and signatures.

A former employee of Graphic Data apparently sold the computer server on eBay without wiping the hard drive first. The breach became known when the buyer, Andrew Chapman, found the data on the hard drive and contacted authorities. The incident is currently under investigation.

All right, I'm not a regular eBay user or an IT expert, but I know that just deleting files is not enough to make sure your data is completely gone from the computer. The hard drive needs to be formatted and the operating system reinstalled before you sell or give away a computer. Now if a general user like me knows this, the person who sold the computer must have know this (at least, we hope these companies are employing competent people). Whether this was deliberate or not remains to be seen, but I will definitely keep an eye on this.

No comments: