Bank details of 1 million customers sold on eBay

LONDON (Reuters) - Account holders’ personal details have been found on a computer sold on eBay, banks said on Tuesday, adding to fears over data security.

A branch of the Royal Bank of Scotland in a file photo. REUTERS/Luke MacGregor

Media reports said details of more than a million customers of Royal Bank of Scotland, American Express and NatWest were found on the computer sold for 35 pounds on the auction and shopping website.

***Have your say on personal data security here

RBS said the information included historical data related to credit card applications and data from other banks, but would not disclose further details.

The Daily Mail said names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers’ maiden names and even signatures had been left on the hard drive.

The information was being held by archiving firm Graphic Data, which copies paperwork from some of Britain’s biggest financial organisations and stores it digitally.

A former employee sold the computer earlier this month without removing the information, media reports added.

The personal information was discovered when the buyer, an IT manager, looked at the hard drive.

“Graphic Data has confirmed to us that one of their machines appears to have been inappropriately sold on via a third party,” RBS said in a statement.

“As a result, historical data relating to credit card applications from some of our customers and data from other banks were not removed.”

Graphic Data said in a statement: “The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed.

“Investigations are ongoing to find out how this equipment was removed from a secure location.”

RBS said it was working to resolve “this regrettable loss with Graphic Data as a matter of urgency”.

The incident is the latest in a string of mishaps involving sensitive personal information by government and businesses.

In April, HSBC said a computer disc containing details of nearly 400,000 customers went missing after being sent via Royal Mail courier, while last December Norwich Union Life, one of the UK’s largest life insurers, was fined 1.26 million pounds by the regulator for exposing its customers to the risk of fraud.

Last week, the personal details of every prisoner in England and Wales were lost by a government contractor.

That followed earlier breaches including the loss of secret intelligence files, information about millions of child benefit claimants and details about learner drivers going missing.

Liberal Democrat MP Tom Brake said there needed to be a “cultural change” among banks and in government when dealing with sensitive information to prevent the current “slapdash” approach. He called for more stringent penalties when security is breached.

“They have to value the information as if it got into the wrong hands, then they would put the appropriate measures in place,” he said.

Editing by Stephen Addison.