The man who found the
personal bank details of more than a million people on a
second-hand computer he bought on eBay last week, has returned
the machine to the company responsible for archiving the data.
Andrew Chapman, an IT manager at the University of Oxford, who
bought the computer to store music files, told ComputerWeekly that
he has sent the machine back to document scanning and archiving
company Graphic Data, after the firm offered him compensation.
Chapman said he was disappointed that the head of investigation
at the Information Commissioner's Office had not followed through
on proposals to inspect the machine.
"I would have expected there to be a lot more regulatory clout,"
he said.
Graphic Data had initially described the computer as stolen
property, said Chapman. But the company later said the computer was
not intended to be disposed of by the company and investigations
are ongoing to find out how this equipment was removed from one of
the company's secure locations.
The Information Commissioner's Office said in a statement that
it is investigating this potential data breach and will be seeking
an urgent explanation from Graphic Data to establish what has gone
wrong and the steps that are being taken to prevent a similar
incident occurring.
A spokesman at the Financial Services Authority said the
financial services watchdog has the power to fine companies for
this type of data breach and is also prepared to
fine financial services companies for breaches committed by the
firms they outsource services to.
In the past 18 months, the FSA has fined three firms over £2m
for failing to protect their customers' details, he said.