Banks Warn Millions After Laptop With Personal Details Sold on eBay

By Brian Ferguson

ABOUT a million customers across the UK will be contacted by three high-street banks after a computer holding their personal details was sold on the auction website eBay for GBP 35.

Information including the bank account numbers, phone numbers, mothers’ maiden names and signatures of customers of American Express, NatWest and Royal Bank of Scotland were found on the laptop.

The eBay buyer, Andrew Chapman, an IT manager from Oxford, found the information on the laptop’s hard drive and raised the alarm. The banks involved refused to disclose what advice would be given to customers whose details – understood to date back around three years – were on the computer.

It is thought unlikely the computer had fallen into the hands of criminals. Customers affected are likely to be asked simply to check their statements.

The computer belonged to a data processing company, Mail Source, part of Graphic Data, a firm that holds financial information for organisations, and was used at Mail Source’s secure storage facility in Essex.

Mail Source said it was still investigating how an employee – who has since left the firm – had come by the computer, which had not had its disc wiped.

Mr Chapman, 56, said it was unlikely “any man on the street” would have bought the computer, as it was listed on eBay as a server from a data centre, but a basic knowledge of computers would have made accessing the information quite simple.

“It would possibly have been quite easy to find if you know something about computers. It’s lucky I found it.”

James Jones, of credit reference agency Experian, said people should not panic as the information had not fallen into the wrong hands.

He said: “This case is a bit of a close shave, although it is hardly isolated. Unless you’ve been particularly careless with your details, the bank will always cover the cost of any fraudulent activity on your account.”

Sandra Quinn, director of communications at payments body APACS, said: “Since this information appears to be more than three years old and the information does not itself appear to have been sold on, it’s likely the banks involved will simply write to customers and ask them to check their statements.”

Mail Source insisted the employee who sold the computer had made an “honest mistake”. The company is investigating how it was removed from a secure location, but stressed the sale was an “isolated incident”.

A spokeswoman said: “The computer was removed from our secure storage facility and sold on eBay. It was neither planned nor instructed by the company to be disposed of. We know which employee took the server and sold it, but we believe it was an honest mistake and it wasn’t intentional to sell it without the server being cleared. We’re taking measures to ensure it’ll never happen again.”

An RBS spokeswoman said:

“We take this issue extremely seriously and are working to resolve this regrettable loss as a matter of urgency.”

A spokeswoman for American Express added: “We take the security of our card member data extremely seriously and have strict guidelines for suppliers around the security of information. We’re currently working as a matter of priority to establish exactly what data is impacted and identify the card members who may be affected.”

A spokeswoman for the Information Commissioner’s Office said an investigation would be launched into how the information managed to get sold off.

(c) 2008 Scotsman, The. Provided by ProQuest LLC. All rights Reserved.