UK Banks Dump Credentials in Bin Bags
Plutonite writes "BBC news is reporting that several UK banks face 'unlimited fines' for careless handling of sensitive client information. This apparently came after investigators found account details while rummaging through the trash outside the banks involved. In this age of online banking and related security problems, and in light of this scandal, where can we expect to find the greatest threat of ID theft?"
my identity was stolen! (Score:1, Funny)
Re: (Score:1)
Re: (Score:1)
Family Guy said it best: (Score:4, Funny)
Congressman: That's the spirit, Frank! But I think a real number might be more effective.
Re: (Score:3, Funny)
Re: (Score:1)
Re: (Score:1, Funny)
Re:Laws (Score:5, Informative)
2.1 Regarding the release of personal data to third parties without specific consent (or publication with the same effect), the assumption is that this is not permitted, except where specific exemptions apply. These exemptions now include:
- where required by law or statutory instrument;
- where required to prevent or detect crime;
- where required to assess or collect tax or duty;
- release to a third party who is sub-contracted to process the data in a way that meets DPA rules.
2.2 With regard to subject access rights, the data subject is presumed to be entitled to access all personal data held about her/himself that falls under the scope of the new Act, with the following main exemptions (i.e. cases where the controller of the data may decline to release certain data, but must justify doing so):
- where disclosure unavoidably identifies a third party;
- where the data was supplied in confidence e.g. references and similar judgements (but please note that examiners' marks and/or comments cannot be assumed to be exempt from disclosure.)
What else could you want? The Act allows for both civil and criminal penalties, so the banks may well be in for quite the can of whoopass.
Re: (Score:1)
Re: (Score:3, Interesting)
I suspect you're being a little harsh on Richard Thomas and his team. If you look at the position statements on the ICO's web site, they're generally very reasonable, and the office does take action against organisations that don't respect data protection and freedom of information rules. However, he has stated that to do the job properly, he would need 3x the team he's been given, and unlike most government empire-builders, I'm actually prepared to give him credit for being realistic there.
Re: (Score:1)
Re: (Score:2)
What would you do in their position? Not going after cases affecting a few people because you only have the resources to pursue cases affecting many people is probably the least o
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Actually the law is not that simple really, because of the definition of "personal data", and a whole load of exceptions. Plus there's some other stuff about direct marketing and stuff.
Wikipedia:
http://en.wikipedia [wikipedia.org]
Re:Laws and regulators (Score:2)
Or not. Just look at what the water regulators have done to the water companies that allow their pipes to leak so much that they have to impose hosepipe bans and standpipes in some places
A reasonable sum to hurt a bank and make them be careful is going to be about 10% of their profits : 25 million or so for Barclays highstreet banking I gather (http://news.independent.co.uk/business/
Re: (Score:2)
I don't need to be able to quote law to notice that the only businesses in my neighborhood that don't have outdoor trash collection are the banks. Anyone with common sense would avoid a bank that had dumpsters. This isn't a new thing, I'm almost 50, and I've never seen a bank that set its trash outside. Of course, the secure trash truck, I'm
Re: (Score:2)
Not in corporate offices (Score:5, Insightful)
The greatest threat to ID theft has always been humans. The vast majority of security breaches are from social engineering.
Re: (Score:3, Insightful)
If they never existed people would never throw away printed plain-text passwords, never stick access codes on post-it notes to their monitor, and everyone would be immune to social engineering.
Re: (Score:2)
As if it was Microsoft's fault that managers came up with the idea that passwords were the culprit in our security problems. Sure, some users have quite weak passwords. That's sub-optimal. But when you make them use like 8 digit passwords with letters, special characters and at least one capital letter they will immediately start writing them down. Especially when they have to change it every month.
Happened in my company. Why? Because there's data from the itali
Re: (Score:2)
Requiring special characters, capital letters and such just makes the keyspace smaller and makes it easier to do a brute-force attack on a password. The only somewhat sensible requirement in there is a minimum length.
Re: (Score:1)
A: roll 60 on a d100 (no save)
B: roll 90 on a d100 (no save) hmm grabbing my pda and doing 5 sets
27 and 50
72 and 17
39 and 62
84 and 29
51 and 74
looks like somebody needs some class bonuses or something
This is why I keep my cash ... (Score:1)
Nobody steals my identity!
I wish they would... I'm sooooo lonely down here...
Guess what. You are still banking (Score:1)
So you will have to convert that stash under the litter box to gold if you want to be free from the talons of corrupt banking institutions.
Believe it.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Not really. That's what they teach people in university. A fun theory. Prices (currency) today are set by Central Banks. They are large corrupt private banks. Gold's value will not completely collapse unless you discover how to make it from sea water. Currencies collapse when the central banks decide it's time to kill it. I've been to the Fed in NYC and touched the gold bars. Most of it isn't ours anyway. US holds about 2% of dollar issued backed in gold
Re: (Score:1)
Not uncommon in the US (Score:5, Interesting)
You might be wondering why IT staff would have account information on paper. There are a variety of reasons. Periodic statements still go to most customers by paper, and the IT departments are responsible for their automation. A large percentage of people on the business side still like to see reports on paper and often the IT department is responsible for generating them. We are very far from having paperless companies. And in my experience paper disposal policies are largely missing or ignored.
Re: (Score:1)
it ain't ever been safe (Score:5, Informative)
It's not really easy to get money out of the banks though. They open after I start work, close before I finish, and they're difficult during the lunch hour. Hell, the only people they're accessible to are bank robbers.
Re: (Score:2)
I love banks.
Bank Data sent from US to UK Unencrypted (Score:2)
Re: (Score:2)
One of the largest payment processors in the US routinely sends chargeback info as normal mail in large envelopes prominently stamped with their company name (very obvious it's a credit card processor) and some slogan about their payment processing business.
Inside the envelope you will not only find the basis for the chargeback and the customer name, but you will also find fun things like copies of their statements with the charged back payments highlighted, etc (instead o
Re: (Score:1, Interesting)
Re: (Score:1)
Re: (Score:2)
Greatest threat of information theft.... (Score:2)
Therefore, don't deal with a company that employs, or outsources to companies who employ stupid people.
Of course....this is much easier said than done......
/usr/bin? (Score:3, Funny)
Oh the punnage! (Score:1)
Sounds like airport security (Score:2)
Re:Sounds like airport security (Score:5, Funny)
If you are digging around in the bank's garbage, you must be a terrorist
Re: (Score:2)
"This restaurant sure throws away a lot of paper, and hardly any food!"
Re: (Score:2)
Homerland? Is that Fox's version of Disneyworld? And why do they get their own federal department? It must be a return favor for Fox News.
My father's story... (Score:5, Interesting)
The result, 5 years later: We found out that the bank had known this fraud was taking place on his accounts (we have one of their internal documents explicitly stating this), yet they covered this up during the discovery process and only gave it to us years later. She's never been arrested nor paid any restitution for what she did, the "Federally Protected" IRA was never reinstated, and a judge in Wisconsin had my father put in jail for refusing to give her his car, which the judge had mistakenly awarded to both of them during the divorce trial. My father sued the bank and has recovered nothing to date.
Your money is not safe, and no one cares.
Re: (Score:1)
Please read my response to Plutonite's post below. Or, you're welcome to contact me via my photo website listed below my Slashdot username (http://www.pbase.com/artyler) and I'll happily email you copies of the complaints, affidavits, etc.
We're not rubes; it's the system, and if you ever find yourself mired in a legal nightmare like this, you'll discover very quickly why people talk about the difficulties of suing someone with deeper pockets than you.
Re: (Score:1)
It is for cases such as these that "inf
Re: (Score:1)
Re: (Score:2)
You've been screwed, and need to seek (better!) legal advice. However, while it's generally true that large corporations don't particularly care abo
Talking Points (Score:2, Insightful)
2. I treat my personal data like it's already on billboards. Obviously the banks don't care about our privacy, so I try to use services where my personal information isn't needed. Using prepaid credit cards instead of a credit line at the bank, or money orders instead of a checking acou
Re:Talking Points (Score:2)
http://www.bankcharges.info/ [bankcharges.info]
I'm sure UK readers will really enjoy reading the site and sending off those letters to their banks.
Re: (Score:1)
Re: (Score:2)
Re: (Score:3, Informative)
You do know you can get debit cards on the VISA network, right?
I don't know about prepaid, but that's what my bank gave me, and I've never had a situation where it's been rejected online for being a debit card rather than a credit card.
Re: (Score:1)
That's even worse as they can then clean out all your money from your main account. A credit card is preferable as then the credit company is jointly liable with the merchant if it is not delivered and if there is fraud for which you are not liable then the card compan
Re: (Score:2)
I once had a total MORON tell me that "No, you don't need to know who we sent this $50 from your account, because we have a signed agreement from you that lets us take money from your account and send it one specific person."
The fool seemed to think that if I gave authorization for one transfer, it meant I authorized everyone to ta
Comment removed (Score:3, Interesting)
Re: (Score:2, Funny)
Which would imply the government shows
1) Joined up thinking
2) Competence
That's some whacko theory you've got there
Re: (Score:2)
Those things being failure, recklessness and brazen stupidity.
... greatest threat of ID theft? People! (Score:1)
Bin Bags (Score:1, Troll)
Re: (Score:1)
hard to say how they do it (Score:4, Informative)
I was under the impression that banks always were anal about destruction of customer records.
The US Navy has an interesting method also. They have these three level shredders. First level does strips. Second level does squares. Third level can best be described as "paper dust", it's the consistency of fine sawdust. Then they flush that out below decks directly into the water. Good luck getting that back.
Sounds Like... (Score:2)
The British Bankers' Association Explains... (Score:1)
Duh.... (Score:2)
Banks dump sensitive data (Score:1)