Banking details found on eBay computer

Smashed computer screen

An investigation has been launched after a computer sold on eBay for £35 was found to contain banking details of up to one million Royal Bank of Scotland, NatWest and American Express customers.

The computer contained sensitive information about customers, including their bank account details and signatures, on its hard drive. It is believed to have been sold by a former employee of Mail Source, an archiving firm that digitally stores paperwork from Britain’s biggest financial companies.

Mail Source says it is now investigating the violation, but stresses this was an “isolated incident” that it is taking “very seriously”.

According to the Daily Mail, the computer was bought by Andrew Chapman, an IT manager from Oxford, for £35. He raised the alarm after finding the information on the hard drive.

The information held – including names, addresses, maiden names and even signatures – was more than sufficient to aid identity theft.

ID theft is one of the UK's fastest growing crimes, affecting more than 100,000 people every year with £1.7 billion stolen annually.

Banking groups are required under the Data Protection Act to keep their customers’ information safe from ID thieves.

A spokeswoman for eBay says: “Clearly such details should never have been included in the hard drive of the computer offered for sale on eBay.

"We fully expect Mr Chapman to hand it back to Graphic Data as soon as possible. We will of course work with Graphic Data to establish how it came to be available for sale on our site.”

Mail Source says it is investigating how the computer came to be on sale on eBay.

A spokeswoman adds: “The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed. Investigations are ongoing to find out how this equipment was removed from a one of our secure location.
 
"We take customer privacy and data security very seriously. This incident is extremely regrettable and we’re taking every possible step to retrieve the data and ensure this is an isolated incident.” 

More about