Bank account numbers, phone numbers, mothers' maiden names and signatures of customers of three banks were found on a computer sold for £77 on the auction site eBay this week. The winner of the auction was Alan Chapman, an IT manager from Oxford. The information came from Graphic Data, a digital archive for financial companies including banks. According to Scotsman.com, the banks were Royal Bank of Scotland, NatWest and American Express. An eBay spokesperson says: "Clearly such details should never have been included in the hard drive of the computer offered for sale on eBay. We fully expect Mr Chapman to hand it back to Graphic Data as soon as possible. We will of course work with Graphic Data to establish how it came to be available for sale on our site," reports Geek.com.
The BBC says RBS and NatWest representatives call the million-customer security breach "extremely regrettable" and "a matter of urgency."
With stories of stolen business laptops appearing in the media on a regular basis, it is shocking that a multinational organization would allow so many gaps in the security chain. The lack of accountability is clear: there is no specific employee who can be shown responsible, the business allows that much sensitive data to be removed from the archive, and there is no account of how the hardware came to house the data.
Such an egregious security breach will obviously bring the UK's Data Protection Act of 1998 into the discussion. On a business level, though, it is not only Graphic Data that will suffer from such a drastic blow to business confidence, but also the banks involved. With the general malaise of the public in relation to the economy right now, skittishness towards banks is heightened. Even if a customer is not one of the million whose data was compromised, it wouldn't be surprising if they decided to migrate elsewhere.