A computer sold on ebay for $35 was found to hold the personal data of over a million bank customers who hold accounts with American Express, Natwest and Royal Bank of Scotland.
Details such as names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures were discovered when the computer was sold by a former employee of archiving firm Graphic Data.
Buyer Andrew Chapman paid just £35.88 for the computer and was shocked to discover that the internal hard drive had not been erased and he was in possession of millions of pounds worth of credit card details.
Mr Chapman, a 56-year-old IT manager from Oxford, said: 'I couldn't believe it. In front of me was reams of extremely confidential information about thousands and thousands of people.'
Data from Natwest contained thousands of details from credit card applications, while details of 1,314 credit card balance transfers from American Express customers were on the hard drive, along with credit card applications and credit checks from Royal Bank of Scotland customers.
Graphic Data said of the incident: “Certain pieces of IT equipment have been removed from a secure area. We are seeking to recover this equipment, which apparently contained customer data. We take customer privacy and data security very seriously.”
A spokesman for NatWest and the Royal Bank of Scotland said: “Royal Bank of Scotland and NatWest take data protection extremely seriously and have very strict procedures to ensure the security of information at all times.”
“Any breach of these procedures is totally unacceptable and is investigated as a matter of urgency,” he added.
American Express simply said that they were “looking into it”.
|