NetworkGuy
Post subject: Man pays £35 for used NAS with bank info on 1 mil people
Posted: Aug 28, 2008 - 03:08 PM CST
Site Admin
Joined: Apr 18, 2005
Posts: 57
       
Wow, this is a scary but interesting tidbit of news. It's simply terrible security precautions taken by the previous owner of the NAS.
---
When Andrew Chapman, an IT manager in the UK, bought a used Snap! box on eBay for £35, he got a lot more than he expected. Unbeknown to Chapman, the machine contained personal bank account and credit card information on over one million American Express, Royal Bank of Scotland (RBS), and NatWest customers. Chapman told TechRepublic sister site ZDNet UK on Tuesday “that the server, a network attached storage (NAS) box, contained unencrypted backups of CDs.” Graphic Data, a data-archiving firm, had used the machine to store information for RBS, of which NatWest is a subsidiary. Customer information included names, addresses, bank account numbers, telephone numbers and customer signatures.
According to ZDNet UK:
“The IT equipment that appeared on eBay was not planned to be disposed [of] by the company and investigations are still ongoing to find out how this equipment was removed from one of Graphic Data’s secure locations,” the company said in the statement. “We take customer privacy and data security very seriously. This incident is extremely regrettable and we’re taking every possible step to retrieve the data and ensure this is an isolated incident.”
According to the Daily Mail, “a spokesman for Mail Source, which owns Graphic Data, put the situation down to an ‘honest mistake’.” We all make mistakes and even the best IT departments mess up now and again. But, Graphic Data’s allowing, either through act or omission, an employee to sell hard drives that held, or even once held, sensitive data is shameful. Shameful not just because the data was lost, but because this failure was easily preventable. Graphic Data lost control of the data because either adequate physical security policies weren’t in place, weren’t followed, or weren’t enforced.
Full story and IT security tips:
http://blogs.techrepublic.com.com/itdojo/?p=167