Million bank details sold on eBay

A computer hard disc containing one million sets of bank details was bought on eBay for just £35. The secondhand PC contained details of customers from American Express, NatWest and Royal Bank of Scotland. The files included names, addresses, sort codes, account numbers, credit card numbers, mobile phone numbers, mothers' maiden names and even scans of signatures - more than enough for an identity thief.

View: The full story @ The Reg


25 Comments


This is why when we donate, sell or throw away older computers at work, we always remove the hard drives then do it... hard drives are stored here for 7yrs then destroyed in a huge shredder

Well, if you're archiving old data for seven years after the PC is beyond use, that makes sense in a way. Any hard drive that's being pulled out of an obsolete computer and then stored for seven years would probably be too small/old/slow for anyone you'd want to donate it to.

Sad that the local retail store I work at has a better security policy, we're required to drill holes through hard drives before the PCs are sold for parts or destroyed.

(Xionanx said @ #5)
Sad that the local retail store I work at has a better security policy, we're required to drill holes through hard drives before the PCs are sold for parts or destroyed.

I love that, it's so helpful to the environment to waste perfectly good equipment when a simple DoD format would suffice.


eBay should be forced to provide the seller and buyer's addresses, send in a SWAT team, problem solved. Then find out what moron of a network administrator let a user pull down all that info to his desktop PC.

(computergeek83 said @ #5.1)

I love that, it's so helpful to the environment to waste perfectly good equipment when a simple DoD format would suffice.


eBay should be forced to provide the seller and buyer's addresses, send in a SWAT team, problem solved. Then find out what moron of a network administrator let a user pull down all that info to his desktop PC.

As much as I want to flame you right now for your ignorance, I will just simply state that you are WRONG and if someone is determined enough, data can be recovered even after 100 low level formats. You should see the process our armed forces go through to get rid of sensitive data, it involves a lot more than drilling holes... which is still not even that safe.

"I love that, it's so helpful to the environment to waste perfectly good equipment when a simple DoD format would suffice."

Even that is too much work! Just drag the files to the recycling bin. That's just as good. No one can recover data from the recycling bin, plus it saves energy so is easier on the environment!!!

(C_Guy said @ #5.3)
"I love that, it's so helpful to the environment to waste perfectly good equipment when a simple DoD format would suffice."

Even that is too much work! Just drag the files to the recycling bin. That's just as good. No one can recover data from the recycling bin, plus it saves energy so is easier on the environment!!!

:rolleyes:

Epic funny

(C_Guy said @ #5.3)
Even that is too much work! Just drag the files to the recycling bin. That's just as good. No one can recover data from the recycling bin


If you actually believe that, I hope you are NOT in the IT field.

There are approximately 100000 programs that can recover this stuff. DOD wipes are the only way to be sure.

(ahhell said @ #5.5)


If you actually believe that, I hope you are NOT in the IT field.

There are approximately 100000 programs that can recover this stuff. DOD wipes are the only way to be sure.

I'm pretty sure that was a joke.

(xinary said @ #5.2)

As much as I want to flame you right now for your ignorance, I will just simply state that you are WRONG and if someone is determined enough, data can be recovered even after 100 low level formats. You should see the process our armed forces go through to get rid of sensitive data, it involves a lot more than drilling holes... which is still not even that safe.

I'm sorry but the armed forces of the U.S.A. uses the 5220-22 M Standard, from the DOD. Wich is a 7 step format. Only some informations have higher level security over it, wich normally envolves rewritting some ones among with the zeros many times.
Making holes on the HD looks more like some criminal trying not to get caught.
Important to remember that almos all services on the pentagon are 3rd-party services, and the informatics is one of them in the building.

(Xionanx said @ #5)
Sad that the local retail store I work at has a better security policy, we're required to drill holes through hard drives before the PCs are sold for parts or destroyed.

What store do you work for, Idiots 'R Us?

If you actually need to destroy a hard drive permanently, you do not need to drill a hole in it. Hard drives are sealed units for a few reasons, and one of those reasons is that they contain material that is not environmentally friendly. Just smash it with a hammer a few times if you really do need to permanently destroy the drive... Not that I think that's a smart way to assure data security.

As other people have commented, there are easier ways of wiping the data off a hard drive than taking a power tool to it. You're obviously not a trained or certified computer hardware technician or you would know this.

(cardg said @ #5.7)
I'm sorry but the armed forces of the U.S.A. uses the 5220-22 M Standard, from the DOD. Wich is a 7 step format. Only some informations have higher level security over it, wich normally envolves rewritting some ones among with the zeros many times.
Making holes on the HD looks more like some criminal trying not to get caught.
Important to remember that almos all services on the pentagon are 3rd-party services, and the informatics is one of them in the building.

Next time you wanna pull some fantasy out of your ass and call it facts, it helps if you know how to write. Not to mention spell.

How hath thou messed up: Let me count the ways.
1) You misspelled "information" (and put an "s" on the end in an attempt to pluralize a word that's already plural)
2) You spelled "which" wrong. Twice.
3) You spelled "involves" incorrectly as "envolves."
4) You spelled rewritting wrong. Re-write that, please.
5) A hard disk drive is correctly abbreviated as HDD, not as HD.
6) You spelled "almost" as "almos." I'm willing to give you the benefit of the doubt and call it a typo, but it's still incorrect.
7) You cite the NISP Operating Manual (DoD 5220.22-M) (incorrectly calling it "the 5220-22 M Standard"), claiming that it specifies a 7-step method. However, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods.

Further, you are misinformed if you believe that the C&SM specifies repeated disk erasure as an acceptable method. As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

Now look sad and say "Duho!"

(cardg said @ #5.7)

I'm sorry but the armed forces of the U.S.A. uses the 5220-22 M Standard, from the DOD. Wich is a 7 step format. Only some informations have higher level security over it, wich normally envolves rewritting some ones among with the zeros many times.
Making holes on the HD looks more like some criminal trying not to get caught.
Important to remember that almos all services on the pentagon are 3rd-party services, and the informatics is one of them in the building.

Thank you for repeating what I said but adding factual information to it.

It begs the questions:

1) Why was sensitive information like this even on the local C drive of the machine? That's totally unacceptable.
2) Don't Amex/NatWest/RBoS have any sort of secure computer decommissioning procedure? At the company I work for, all hard drives are erased to Ministry of Defense standards before being shipped back to the leasing company, and our data is nowhere near as sensitive as this.

(Airlink said @ #4.2)

But it DOES raise the question, so STFU and stop being a Dictionary Nazi.

So you agree that "beg the question" was used incorrectly then and "raise the question" should have been used instead.

(TRC said @ #4.3)
A life, get one.

2409 posts versus 21 posts. Depends what kind of life you mean. A life behind a screen or a life away from one?

Hope someone gets fired for this one. It's a shame, I've had great security support from NatWest in the past (all of them false alarms, thankfully).

Anyone know who has the hard drive now? Has it been returned or destroyed?

Intelligence at its finest...and the UK'ers whine about the Government having data....LOL

**Shoot yourself in the foot and blame the Government**