Who Breached: Graphic Data (holding 3rd party data)
Number Affected: Millions
Information breached: Financial records
How: Computer sold on eBay

Several million people have been affected after a computer was sold “inappropriately to a third party” via eBay. The computer contained sensitive information on customers from the Royal Bank of Scotland, American Express and NatWest.

A former employee of the archiving company Graphic Data (owned by MailSource UK) sold a machine that contained the banking information. Information included account numbers, passwords, phone numbers and signatures. The computer was sold on eBay for £35 to an IT manager, Andrew Chapman, who came forward after noticing the data on the hard drive.

Click here for a video of Andrew Chapman being interviewed about buying the computer & its data.

A Information Commissioner’s Office (ICO) has launched an investigation into how this mistake happened and what steps will be taken to avoid a similar incident from happening. According to MailSource UK, the computer was sold without authorization.

“The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed” – Nicole Morgan, MailSource UK

The data on the hard drive was not wiped prior to the computer being sold (although wiped data can be recovered).

Via daily mail, forbes, bbc Tags: , , , , , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati