Papewaio
08-27-2008, 02:07
Customers' bank details sold on eBay (http://www.smh.com.au/news/technology/customers-bank-details-sold-on-ebay/2008/08/27/1219516507005.html)
A British data processing firm has launched an urgent review after a staff member sold a computer on eBay containing personal details of a million bank customers, a spokeswoman said.
The computer was bought on the online auction site for £35 ($75) by Andrew Chapman, an IT manager from Oxford, in central England, who found the information on the computer's hard drive.
Ok, and now for the most flimsy excuse I have seen yet:
A spokeswoman for Mail Source said the employee who sold the computer had made an "honest mistake" but insisted it had been an "isolated incident".
She said: "The computer was removed from our secure storage facility in Essex and sold on eBay.
"We know which employee took the server and sold it, but we believe it was an honest mistake and it was not intentional to sell it without the server being cleared.
It might be an honest mistake for the employee. But it does not take off any pressure from the business. The business should have processes, audits and means in place to protect all data.
Even with non-sensitive business data when it is decommissioned here we swipe the hard drives with a degaussing wand and then put a dent into the physical hard drive so the platters are squashed.
Also how can they say it was an isolated incident... they only know about this because the guy who found it came forth. The other 'two hundred' servers might have been sold to the Russian hackers already. :laugh4:
A British data processing firm has launched an urgent review after a staff member sold a computer on eBay containing personal details of a million bank customers, a spokeswoman said.
The computer was bought on the online auction site for £35 ($75) by Andrew Chapman, an IT manager from Oxford, in central England, who found the information on the computer's hard drive.
Ok, and now for the most flimsy excuse I have seen yet:
A spokeswoman for Mail Source said the employee who sold the computer had made an "honest mistake" but insisted it had been an "isolated incident".
She said: "The computer was removed from our secure storage facility in Essex and sold on eBay.
"We know which employee took the server and sold it, but we believe it was an honest mistake and it was not intentional to sell it without the server being cleared.
It might be an honest mistake for the employee. But it does not take off any pressure from the business. The business should have processes, audits and means in place to protect all data.
Even with non-sensitive business data when it is decommissioned here we swipe the hard drives with a degaussing wand and then put a dent into the physical hard drive so the platters are squashed.
Also how can they say it was an isolated incident... they only know about this because the guy who found it came forth. The other 'two hundred' servers might have been sold to the Russian hackers already. :laugh4: