Highly sensitive financial documents found in a UK dumpster
Technorati Tag: Security Breach
Date Reported:
10/23/08
Organization:
Banco Santander, S.A.
Contractor/Consultant/Branch:
Abbey National plc.
Branch at 49-53 Deansgate, Bolton, Lancashire, UK
Location:
Bolton, Lancashire, UK
Victims:
Customers
Number Affected:
Unknown
Types of Data:
"names with bank card numbers, including expiry dates, security codes, account numbers and signatures", also "mortgage payments, home values, loans, jobs and salaries, as well as household budgets, including estimates of monthly bill payments"
Breach Description:
"CONFIDENTIAL details of dozens of bank customers were found dumped in a back street in Bolton town centre." A man walking his dog stumbled upon the sensitive information which appears to have come from the Abbey, "the sixth biggest bank and one of the largest providers of mortgages and savings in the UK."
Reference URL:
The Bolton News
Report Credit:
Julian Thorpe, The Bolton News and brought to the attention of The Breach Blog by an informed reader.
Response:
From the online source cited above:
CONFIDENTIAL details of dozens of bank customers were found dumped in a back street in Bolton town centre.
[Evan] I think this kind of thing happens much more often than it is reported and much more often that people would like to admit. Low-tech exploits (if you want to call them that) like dumpster-diving can bring identity-theft, corporate espionage, and the like to a level that allows an unsophisticated thief to capitalize. Low-tech exploits are also often the "low hanging fruit" for opportunists.
The files - which contain names with bank card numbers, including expiry dates, security codes, account numbers and signatures - were found in an Asda carrier bag behind the Abbey branch in Deansgate, Bolton.
The papers also detailed customers’ mortgage payments, home values, loans, jobs and salaries, as well as household budgets, including estimates of monthly bill payments.
Most of the papers were photocopies or computer printouts headed with the red Abbey logo, and they contained details of mortgages ranging from £50,000 to more than £110,000.
The discovery was made by Terence Howarth, aged 20, as he was walking his girlfriend’s dog in the town centre.
A picture of Mr. Howarth holding some of the information he found. Source: The Bolton News
Mr Howarth said he was walking along Hotel Street at about 11.30pm on Sunday when the dog, Bertha, ran down Back Hotel Street, the alleyway where a number of businesses, including Abbey, leave bins.
he went to retrieve the seven-year-old Boxer, it started rooting around and he noticed an Asda carrier bag next to one of the bins
Mr Howarth could not believe his eyes when he looked in the bag and found a three-inch thick wad of papers full of highly personal information.
[Evan] Obviously the victims are fortunate in this incident that Mr. Howarth found the information. Things could have easily been worse.
there were other papers with more personal details scattered in the alleyway
Mr Howarth said: "I’m just shocked. Those papers should have been shredded."
[Evan] Yup, but if common sense were more common, I would get paid much less than I do, wouldn't I? Kind of a catch-22.
Anthony Frost, head of corporate communications for Abbey, said the bank had taken steps to ensure the blunder did not happen again.
[Evan] Like what exactly?
He said: "We apologise for what has happened and take this matter very seriously."
[Evan] I wonder if Abbey intends to notify the affected individuals?
Commentary:
Dumpster-diving can be very lucrative to those people who have the time and interest, and don't mind an occasional visit from law enforcement. The risks outweigh the rewards for me personally.
Past Breaches:
Unknown
Date Reported:10/23/08
Organization:
Banco Santander, S.A.
Contractor/Consultant/Branch:
Abbey National plc.
Branch at 49-53 Deansgate, Bolton, Lancashire, UK
Location:
Bolton, Lancashire, UK
Victims:
Customers
Number Affected:
Unknown
Types of Data:
"names with bank card numbers, including expiry dates, security codes, account numbers and signatures", also "mortgage payments, home values, loans, jobs and salaries, as well as household budgets, including estimates of monthly bill payments"
Breach Description:
"CONFIDENTIAL details of dozens of bank customers were found dumped in a back street in Bolton town centre." A man walking his dog stumbled upon the sensitive information which appears to have come from the Abbey, "the sixth biggest bank and one of the largest providers of mortgages and savings in the UK."
Reference URL:
The Bolton News
Report Credit:
Julian Thorpe, The Bolton News and brought to the attention of The Breach Blog by an informed reader.
Response:
From the online source cited above:
CONFIDENTIAL details of dozens of bank customers were found dumped in a back street in Bolton town centre.
[Evan] I think this kind of thing happens much more often than it is reported and much more often that people would like to admit. Low-tech exploits (if you want to call them that) like dumpster-diving can bring identity-theft, corporate espionage, and the like to a level that allows an unsophisticated thief to capitalize. Low-tech exploits are also often the "low hanging fruit" for opportunists.
The files - which contain names with bank card numbers, including expiry dates, security codes, account numbers and signatures - were found in an Asda carrier bag behind the Abbey branch in Deansgate, Bolton.
The papers also detailed customers’ mortgage payments, home values, loans, jobs and salaries, as well as household budgets, including estimates of monthly bill payments.
Most of the papers were photocopies or computer printouts headed with the red Abbey logo, and they contained details of mortgages ranging from £50,000 to more than £110,000.
The discovery was made by Terence Howarth, aged 20, as he was walking his girlfriend’s dog in the town centre.
A picture of Mr. Howarth holding some of the information he found. Source: The Bolton News
Mr Howarth said he was walking along Hotel Street at about 11.30pm on Sunday when the dog, Bertha, ran down Back Hotel Street, the alleyway where a number of businesses, including Abbey, leave bins.
he went to retrieve the seven-year-old Boxer, it started rooting around and he noticed an Asda carrier bag next to one of the bins
Mr Howarth could not believe his eyes when he looked in the bag and found a three-inch thick wad of papers full of highly personal information.
[Evan] Obviously the victims are fortunate in this incident that Mr. Howarth found the information. Things could have easily been worse.
there were other papers with more personal details scattered in the alleyway
Mr Howarth said: "I’m just shocked. Those papers should have been shredded."
[Evan] Yup, but if common sense were more common, I would get paid much less than I do, wouldn't I? Kind of a catch-22.
Anthony Frost, head of corporate communications for Abbey, said the bank had taken steps to ensure the blunder did not happen again.
[Evan] Like what exactly?
He said: "We apologise for what has happened and take this matter very seriously."
[Evan] I wonder if Abbey intends to notify the affected individuals?
Commentary:
Dumpster-diving can be very lucrative to those people who have the time and interest, and don't mind an occasional visit from law enforcement. The risks outweigh the rewards for me personally.
Past Breaches:
Unknown
Posted by Evan Francen at 10/23/2008 1:20 PM 
Categories: Abbey National plc, Banco Santander, Insecure Discard
Categories: Abbey National plc, Banco Santander, Insecure Discard
Posts Atom 1.0
Comments