By
updated 8/26/2008 7:45:28 PM ET 2008-08-26T23:45:28

A computer containing banking security details of more than 1 million people has been sold on eBay, bank officials said Tuesday.

The Royal Bank of Scotland acknowledged that a machine belonging to archiving company Graphic Data and sold "inappropriately to a third party" had information on credit card applications from some RBS customers and data from other banks. The computer contained account numbers, passwords, mobile telephone numbers and signatures.

"We take this issue extremely seriously and are working to resolve this regrettable loss with Graphic Data as a matter of urgency," RBS said in a statement.

A former employee from Graphic Data sold a computer server used by the company on eBay without wiping the internal hard drive, said Nicole Morgan, a spokeswoman for MailSource UK, which now owns Graphic Data.

The buyer, Andrew Chapman, said he found the data when he looked at the machine's hard disk.

"I was appalled when I found the bank account information. That sort of thing shouldn't have been listed on there," he said. "It would have been possibly quite easy to find if you know something about computers."

The security breach became known when Chapman found the information and contacted authorities.

Britain's Information Commissioner's Office, the government agency responsible for protecting people's privacy, has launched an investigation into the incident.

"We are now investigating this potential data breach and will be seeking an urgent explanation from Graphic Data to establish what has gone wrong and the steps that are being taken to prevent a similar incident occurring," the information watchdog said in a statement.

Morgan said MailSource UK, based in Richmond Upon Thames in southeast England, is investigating what happened.

"The IT equipment that appeared on eBay was neither planned nor instructed by the company to be disposed," she said. "This incident is extremely regrettable and we're taking every possible step to retrieve the data and ensure this is an isolated incident."

eBay said the auction site has not yet managed to contact the buyer or seller.

"We have not seen the listing ourselves, but we do recommend people wipe hard disks before they sell computers," said spokeswoman Jenny Thomas. "We would not allow someone to openly sell bank details on our site but this seems to have been a genuine mistake."

Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments