[ISN] Why were our bank details on a laptop?

From: InfoSec News (alerts@private)
Date: Sun Mar 04 2007 - 22:12:28 PST


By Rebecca Bourne
27th February 2007

THOUSANDS of county council employees are demanding answers after being 
informed they have been left at risk of identity fraud following the 
theft of their bank and national insurance details.

Banks across the county are on high alert after the Worcester News 
revealed on Saturday how a laptop computer containing the personal 
information of 16,239 staff, and even some ex-employees, was taken in a 
street robbery.

It was in the hands of an employee of the council's IT supplier Serco at 
the time but the firm has declined to give more details on the robbery.

The council has sent out letters to all employees affected. The letter 
gives brief details of what happened and gives a hotline number.

The hotline, set up by the council, has received more than 300 calls 
already from concerned workers desperate for more information on what 
they can do to help protect themselves from fraudsters.

One past employee, who left her job at the county council in September, 
said she was angry about the lack of advice she has received and is 
contemplating changing her bank account details. advertisement

"Many employees will not be aware how the information can be used and 
the letter from the county council to its employees gives no advice at 
all," she said. "It could well be up to a period of six months before 
any of this data is used for identity theft.

"Not only can the information be used for setting up credit or debit 
arrangements but even if bank account details are changed, a person's 
name and national insurance data, I understand, can be used also to 
steal identity."

Comments on the Worcester News website - www.worcesternews.co.uk - 
reveal the anger of people affected.

Andy Lewis said: "What on earth was a laptop containing all these 
confidential details doing off council premises? Heads need to roll for 
this breathtaking degree of negligence and incompetence."

Another message from concerned and angry county council employee' said: 
"What was this individual doing carrying a laptop with such sensitive 
information down the street? I suggest the county council reviews its 
contract with this company if there are such flagrant breaches of 

Jackie Alderson, head of communications at Worcestershire County 
Council, said the laptop stolen was not in the hands of a county council 
employee but was the responsibility of the council's IT supplier Serco.

"It is an enormous concern to those staff involved and we are still 
urging people to ring our helpline, which is staffed by fully-trained 
finance staff, if they have any concerns. We are telling them all to be 
extra vigilant when it comes to looking at their bank accounts.

"We are in talks with Serco about how this happened and how we are to 
continue working with them."

Serco has not revealed where or when the laptop was taken, with 
speculation it could have been as long as two weeks ago.

Mark Vaughan, head of communications at Serco, said: "Policies are not 
being reviewed as we have a policy in place. An investigation is under 

Local banks have been informed of the security breach and spokesmen for 
both Lloyds TSB and Barclays said staff were being extra vigilant.

Both said fraudsters would have difficulty stealing identities from the 
information held on the computer alone, but that customers should keep 
an eye on their accounts and report anything unusual straight away.

Anyone concerned can visit www.annualcreditreport.co.uk, which gives 
advice on what to do should you fall victim to identity theft and advice 
on how to prevent it.

Visit the InfoSec News Security Bookstore

This archive was generated by hypermail 2.1.3 : Sun Mar 04 2007 - 22:37:17 PST