BreachExchange mailing list archives

Data watchdogs did not want to see eBay bank server


From: security curmudgeon <jericho () attrition org>
Date: Sat, 30 Aug 2008 19:15:16 +0000 (UTC)



---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.theregister.co.uk/2008/08/28/data_bank_details/

By John Oates
The Register
28th August 2008

The man who paid 35UKP for a server stuffed full of Royal Bank of Scotland 
and NatWest customer details has been left less than impressed with the 
reaction of UK data regulators.

Andrew Chapman's story hit the news after he bought a server on eBay which 
contained over a million customer details including full account details, 
mothers' maiden names, addresses and even scans of signatures. But neither 
the Financial Services Authority nor the Information Commissioner's Office 
contacted Chapman when he went public with what he found inside the 
machine.

Chapman said he phoned the Information Commissioner's Office's head of 
investigations and offered him the machine. Instead he was told to return 
it to Graphic Data.

Chapman, an IT manager from Oxford, told the Reg: "I don't really see how 
either the FSA or ICO can ascertain what happened by relying on Graphic 
Data. It is a nonsense to ask companies to self-report." He said he was 
told the ICO had no power to seize equipment - although that clearly would 
not have been necessary in this case.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
