KYV--Know Your Vendors

By Maria Bruno-Britz
Aug 26, 2008 at 01:50 PM ET

When it comes to data breaches, it seems the hits just keep on coming. I ran across this somewhat disturbing story in the UK’s Daily Mail in which a computer was sold on eBay containing the personal information on thousands of UK banking customers from NatWest, Royal Bank of Scotland and American Express. An employee of the banks’ outsourced data storage vendor, Graphic Data, took the computer and sold it on the online auction site.

The Mail article doesn’t mention how this employee got his hands on the PC. However, there is no doubt that someone at the firm dropped the ball. I know some companies sometimes sell old computers to employees—with wiped drives, of course. (My own company used to do this, according to my IT go-to guy, but stopped a couple of years ago.)

It was also unclear in the article whether this data was actually used by thieves. Maybe the eBay seller was just a careless employee? It could have been an accident, but don’t tell that to the thousands of people whose personal information (including signatures!) was on that hard drive. Luckily, the buyer turned out to be an honest fellow so there’s a slim chance that none of the data fell into the wrong hands.

This instance certainly drives home the need for banks to vet technology service providers and to perform thorough due diligence on every one of them on an ongoing basis. In a feature on vendor management I wrote for the August issue, the topic of security and vendors came up. Everyone interviewed for the article basically said the same thing: The vendor/outsourcer must meet the same security standards as your bank because it should be considered an extension of the bank.

When there’s a data breach, the customers won’t care if it was the fault of the bank’s outsourced service provider. The only name they’ll see and care about is the bank’s name. And the bank is ultimately the one that takes the hit.
Hopefully the Mail story will have a “happy” ending and investigators will find that the data wasn’t used at all.