|
National Data Loss Stories -Banks and Prisons
Jonathan sold two stories about data loss within a week that set the national news agenda.
1) Millions of customers' bank records sold on eBay
2) Prison staff's personal data lost.
Jonathan was contacted by Andrew Chapman who bought a second hand computer on eBay and discovered millions of customers' bank records.
Mr Chapman was wary about approaching the media and asked Jonathan to set up a deal for him and manage the consequential publicity.
The story was sold as an exclusive front page story to the Daily Mail newspaper and was picked up by all the other national newspapers, television and radio stations.
As well as helping Mr Chapman get the best fee Jonathan also helped him with subsequent interviews for which he was paid and even secured him a payment for returning the computer.
Scroll down to read the full story
The second story came from a Prison Service source who wanted to remain anonymous.
Jonathan set up a lucrative exclusive deal with News of the World newspaper.
Again, the story hit the national media and Jonathan ensured the source was not discovered.
Scroll down to read the full story
--------------------------------------------------
Personal data of a million bank customers found on computer sold on eBay for £35
Daily Mail newspaper
Personal details of more than a million bank customers have been found on a computer sold on eBay.
Highly sensitive information on American Express, NatWest and Royal Bank of Scotland customers was stored on the machine's hard drive.
It includes names, addresses, mobile phone numbers, bank account numbers, sort codes, credit card numbers, mothers' maiden names and even signatures.
'A thief's treasure chest': Andrew Chapman with the hard disk drive he bought on eBay containing the private bank details of more than a million people
It was described as 'a data thief's treasure chest', with everything a criminal needs to assume a customer's identity - and clear out their bank account.
The massive data loss - one of the worst ever in Britain - is a clear breach of the banks' obligation under the Data Protection Act to keep all personal information secure.
Coming just days after the Home Office admitted losing the details of 127,000 criminals, it is certain to fuel public concern about how Government and businesses look after our secrets.
Last night it was revealed that a second computer from the same site has gone missing, meaning yet more information could have been leaked.
IT security expert Adam Laurie said: 'This is appalling. This information is worth millions - a thief could easily use it to go on an enormous shopping spree.'
Liberal Democrat spokesman Tom Brake said: 'This is yet another example of a seemingly trusted organisation appearing to be sloppy with people's personal information.
'This kind of data is invaluable and needs to be treated as such. People are entitled to wonder why they are constantly being told about the importance of protecting personal information when large organisations don't seem to follow the same rules themselves.'
Both American Express and NatWest/RBS claimed they need to establish how many customers are affected before deciding how to act.
'But it is likely that everyone whose details have been exposed will be forced to change their credit cards and bank accounts.
Liberal Democrat spokesman Tom Brake described the data loss as sloppy
'The companies involved could also be fined.
Last year the Financial Services Authority fined Nationwide £980,000 after it lost a laptop containing customer information.
'The banking information was being held by the archiving firm Graphic Data, which copies paperwork from some of Britain's biggest financial organisations, then stores it digitally.
It was on a computer previously used at the company's archive in Shoeburyness, Essex.
A former employee sold it on eBay for just £35.88 earlier this month. Crucially, he did so without first erasing the internal hard drive.
It was only when buyer Andrew Chapman started looking at the hard disk that its astonishing contents came to light.
Mr Chapman, a 56-year-old IT manager from Oxford, said: 'I couldn't believe it. In front of me was reams of extremely confidential information about thousands and thousands of people.'
Some of the data first belonged to NatWest and includes thousands of applications for credit cards.
They have the applicant's name, address, date of birth, email address, bank account number, sort code, mothers' maiden name, card number and signature.
There are also 1,314 credit card balance transfer requests received by American Express.
Each contains the customer's name, address and signature and the numbers of the cards. Information from RBS included yet more card applications and credit checks.
The Information Commissioner's Office said it would investigate urgently.
Graphic Data said: 'Certain pieces of IT equipment have been removed from a secure area. We are seeking to recover this equipment, which apparently contained customer data.
'We take customer privacy and data security very seriously.'
A spokesman for NatWest/RBS said: 'RBS and NatWest take data protection extremely seriously and have very strict procedures to ensure the security of information at all times.
'Any breach of these procedures is totally unacceptable and is investigated as a matter of urgency.'
American Express said it was 'looking into it'.
The scandal is the latest in a series of high-profile data security breaches.
Just last week the Home Office admitted one of its contractors had lost a computer memory stick holding the details of 127,000 criminals.
The blunders have increased public distrust of the authorities' ability to keep their personal information secret - and increased opposition to the proposed national identity card scheme.
Case study
As someone with a limit of more than £20,000 on his credit card, Christopher Tomlins was shocked to learn that NatWest has lost the information that could give anyone access to his account.
When told about the breach by the Daily Mail, Mr Tomlins, 32, said: 'It is like they have given my house keys to a stranger and then said, "Help yourself".'
Mr Tomlins's personal information is revealed in a photograph of an application for a NatWest 'black' credit card he made on April 14, 2005.
The completed application form contains his name, address, date of birth, mobile phone number and home phone number.
It also reveals his mother's maiden name, signature, annual income, bank account number, bank sort code and the 16-digit number of the credit card he was granted.
Yesterday Mr Tomlins, who runs his own lighting company in Ealing, West London, said: 'I am amazed that NatWest have let this information get out. If the company looking after the information was getting rid of the computer, they should have destroyed the hard drive.'
Mr Tomlins's details were contained on one of 227 photographs of separate credit card application forms found on just one of 32 computer files containing NatWest card information.
--------------------------------------------------
CRIMINAL
News of the World newspaper
THE lives of 5,000 prison staff have been put at risk in a new Government missing data scandal, the News of the World can reveal.
A computing firm working for Jack Straw's Ministry Of Justice has confessed to losing a portable hard-drive disk containing sensitive private information about jail governors and GUARDS.
The disk holds names, dates of birth, national insurance and prison service employee numbers. It is also believed to include addresses.
We can also reveal it was ONE YEAR before anyone at the firm, EDS, realised the disk had been lost.
It is feared the data on it could put prison staff at risk of revenge attacks or be used to target jail workers in corruption scams or escape plots.
Last night furious Justice Secretary Mr Straw told us: "I am extremely concerned about this missing data.
"I was informed of its loss at lunchtime by the News of the World and have ordered an urgent inquiry into the circumstances and the implications of the data loss and the level of risk involved. I have asked for a report as to why I was not informed as soon as my department became aware of this issue. My officials are also in touch with EDS. We take these matters extremely seriously."
A prison service source told us: "Senior staff have gone to great lengths to keep this quiet. There are criminals out there who would love to get their own back on guards and governors. This could give them all the details they need to take revenge.
"At its very worst we could see violent offenders knocking on the doors of guards and governors."
The blunder is revealed in a letter seen by the News of the World from the IT firm to the prison service, confessing it has lost the 500GB hard-drive.
It was shipped from its offices in Mitcheldean, Gloucs, for testing at its centre in Washington, Wearside, on July 20 last year. It was then moved to the company's base in Telford, Shrops.
It was only when a member of staff there went to use it on July 2 this year that it was found to be missing. Incredibly the letter—sent by David Willis of the EDS Security Team to Prison Service Accreditor Jim Hassan— goes on to suggest there may be little hope of finding the disk. It is not known how far up the hierarchy communication about the lost disk went.
But Mr Hassan's boss is Phil Wheatley, director general of the National Offender Management Service.
He should have been told about the loss of such sensitive information and he would be expected to tell the Justice Minister, including Mr Straw.
The prison whistleblower told us: "It gives crooks a huge leg-up in targeting prison officers to bring in illicit contraband, either by some gentle persuasion or by menace and threats.
"There's also a fear it could help any prisoner plotting an escape. They could threaten families unless the officer helps them out." The cock-up is the latest in a string of lost data incidents which have embarrassed the Government.
They range from the loss of details of 25million people who receive child benefits to top secret documents with the latest intelligence on Al Qaeda, and details of serious criminals.
The new scandal is a blow to Gordon Brown weeks ahead of the Labour conference many critics believe will be make-or-break for the Prime Minister with Labour 19 per cent behind the Tories in the polls.
Last night Shadow Justice Secretary Nick Herbert said: "The records of prisoners have been lost already and now we discover that personal data about prison officers has gone too. When was this incompetent Government planning to own up to another data disaster, this time one which has put the security of thousands of its own employees at risk?
"And if, as they claim, they didn't know about it, who on earth is running this department?"
back to list
|
