Laptop Sold on eBay Held Sensitive Information of a Million Bank Customers

By August 29, 2008 2 comments

Bank account numbers, phone numbers, mothers' maiden names and signatures of customers of the three banks were found on a computer sold for £77 on the auction site eBay this week. Winner of the auction was Alan Chapman from Oxford, an IT manager. The information came from Graphic Data, a digital archive for financial companies including banks. According to, these banks were Royal Bank of Scotland, NatWest banks and American Express. An eBay spokesperson says: "Clearly such details should never have been included in the hard drive of the computer offered for sale on eBay. We fully expect Mr Chapman to hand it back to Graphic Data as soon as possible. We will of course work with Graphic Data to establish how it came to be available for sale on our site.", reports

BBC says RBS and NatWest representatives call the million-customer security breach incident "extremely regrettable" and "a matter of urgency."

With stolen business laptop stories appearing in the media on a regular basis, it is shocking that a multinational organization would allow so many gaps in the security chain. The lack of accountability is shown clearly: no specific employee to be shown responsible, a business that allows that much sensitive data to be removed from the archive, how the hardware came to house the data.

Such an egregious security breach will obviously bring into the forum the UK's Data Protection Act of 1998. On a business level, though, not only Graphic Data will suffer, with such a drastic blow to business confidence, but also to the banks involved. With the general malaise of the public in relation to the economy right now, skittishness towards banks is heightened. Even if a customer is not one of the million that had data compromised, it wouldn't be surprising if they decide to migrate elsewhere.

Page top


[...] ASC recognizes that our personal data is often out of our control. While we can do what we can to protect our it, there’s always the chance of it being obtained from a third party, as happened recently when a hard drive containing the personal information of over a million bank customers was sold on eBay. [...]

Submitted by IdentitySecure Spies on Hackers to Keep Your Data Safe (not verified) - on October 03, 2008 at 12:16 am


Submitted by megallodon (not verified) - on July 05, 2010 at 09:06 am

Legal mentions © L’Atelier BNP Paribas