
UK Banks Dump Credentials in Bin Bags 87

Plutonite writes "BBC news is reporting that several UK banks face 'unlimited fines' for careless handling of sensitive client information. This apparently came after investigators found account details while rummaging through the trash outside the banks involved. In this age of online banking and related security problems, and in light of this scandal, where can we expect to find the greatest threat of ID theft?"

  • by truthsearch ( 249536 ) on Saturday October 28, 2006 @01:14PM (#16623360) Homepage Journal
    Many financial institutions' IT departments in the US have no policies for paper shredding. I was always mindful to shred account information, but many of my coworkers were not. No rules were published and I've never heard it brought up as an issue by management.

    You might be wondering why IT staff would have account information on paper. There are a variety of reasons. Periodic statements still go to most customers by paper, and the IT departments are responsible for their automation. A large percentage of people on the business side still like to see reports on paper and often the IT department is responsible for generating them. We are very far from having paperless companies. And in my experience paper disposal policies are largely missing or ignored.
  • My father's story... (Score:5, Interesting)

    by IcebergSlim ( 450399 ) on Saturday October 28, 2006 @01:49PM (#16623616)
    5 or 6 years ago my father came down with cancer, and his wife (now ex) took over the regular task of managing the finances of the household, etc. (This was in Wisconsin.) She also took it upon herself to fraudulently clean out his "Federally Protected" IRA, all of his *non-joint* accounts, filed false tax returns, and then ran up tens of thousands of dollars in debt in his name (hiding the statements and records to keep the game going as long as possible). She even bought a $20,000 diamond ring and a Mercedes for herself -- all while my father was going through radiation treatment and surgery, etc. Finally, the house of cards came tumbling down, the police were notified, and she admitted everything.

    The result, 5 years later: We found out that the bank had known this fraud was taking place on his accounts (we have one of their internal documents explicitly stating this), yet they covered this up during the discovery process and only gave it to us years later. She's never been arrested nor paid any restitution for what she did, the "Federally Protected" IRA was never reinstated, and a judge in Wisconsin had my father put in jail for refusing to give her his car, which the judge had mistakenly awarded to both of them during the divorce trial. My father sued the bank and has recovered nothing to date.

    Your money is not safe, and no one cares.
  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Saturday October 28, 2006 @01:50PM (#16623630)
    Comment removed based on user account deletion
  • by Anonymous Coward on Saturday October 28, 2006 @02:19PM (#16623798)
    Your post hits the nail on the head when it says "The information security people hit the roof...". I am currently working at a UK financial institution dealing with live data provided by various third parties. Their governance rules are clear and the infosec team available and helpful, but despite this, when I took over the role, customer data was being sent unencrypted on CDR from site to site. The point is that the teams involved had never been told what their responsibilities were. It may seem obvious to you and me, but many business people are just not aware. Training and Auditing are the only responses.

    Now I have mandated PGP, which incidentally has a wonderful feature called Self-Decrypting Archives. It's a Windows executable that contains both the encrypted data and the program to decode it. Makes life very easy.

    Posting anonymously for obvious reasons.
  • Re:Laws (Score:3, Interesting)

    by Anonymous Brave Guy ( 457657 ) on Saturday October 28, 2006 @03:32PM (#16624312)

    I suspect you're being a little harsh on Richard Thomas and his team. If you look at the position statements on the ICO's web site, they're generally very reasonable, and the office does take action against organisations that don't respect data protection and freedom of information rules. However, he has stated that to do the job properly, he would need 3x the team he's been given, and unlike most government empire-builders, I'm actually prepared to give him credit for being realistic there.
