It's not the first time something like this has happened, and it won't be the last. What's worrisome is that it probably happens more often than we know, and we just don't hear about it.
No, someone didn't explicitly sell personal info on eBay. What they did was sell a hard drive with the bank account numbers, phone numbers, mothers' maiden names and signatures of 1 million customers of American Express, NatWest and the Royal Bank of Scotland on it. Big oops, right?
Fortunately, the buyer was Andrew Chapman, an IT manager from Oxford, and not some scammer. Obviously, the odds are in favor of the buyer either being someone honest, or else just not noticing the extraneous data.
The drive originally belonged to data archival firm Graphic Data, which is owned by Mail Source.
In a statement, Mail Source said:
"Investigations are still ongoing to find out how this equipment was removed from one of Graphic Data's secure locations. We take customer privacy and data security very seriously. This incident is extremely regrettable and we're taking every possible step to retrieve the data and ensure this is an isolated incident."
Waitasec, since the buyer reported it, just how hard is it to retrieve the data? A spokesperson added:
"We know which employee took the server and sold it, but we believe it was an honest mistake and it was not intentional to sell it without the server being cleared."
For those of us who might want to sell or donate a used hard drive, it serves as a reminder: use something like SDelete to really
wipe your hard drive before giving it to someone.