[ISN] Woman Asks For One Statement, Gets 75,000

From: InfoSec News (alerts@private)
Date: Mon Jan 29 2007 - 23:39:19 PST


IDM News
January 30, 2007

In an embarrassing blunder, Halifax Bank of Scotland, has responded to 
the request for a bank statement by sending 75,000 statements of its 
other customers. The mail was received by a 22 year old, Stephanie 
McLaughlan, in Aberdeen.

The unexpected mail was delivered to her door in five large parcels, 
each containing 500 statements the UK's BBC News reported today.

The package included names, addresses, account details and sort codes of 
HBOS' customers.

She told reporters that she was surprised about at the lax security HBOS 
applied to its customer information, and wondered what exactly she had 
been paying fees to the bank for if this is the end result.

HBOS, which has been in the media over security concerns now for the 
second time four months, has responded to media saying it was an 
'isolated incident'. The other concern raised was over a report by UK 
security firm, heise, which claimed that HBOS was one of seven banks 
whose websites had serious security vulnerabilities. Heise had 
demonstrated the weakness to all seven banks, but HBOS was amongst three 
that failed to fix the problem. It only did so after heise raised the 
second alarm. To this HBOS said it was not a flaw that exposed customers 
to any risk.

To put this figure in perspective, the Privacy Rights Clearinghouse has 
recently cracked the 100 million mark for lost or stolen records. under 
California's 1386 bill, Beoing was obligated to report to individuals 
the loss of 382,000 records via a stolen laptop. No similar law exists 
in Australia or the UK.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Tue Jan 30 2007 - 00:04:41 PST