Germany's biggest breach of banking details is a
wake-up call to all organisations handling personal data, say
security experts.
At the weekend a German economic magazine reported that
cybercriminals were
offering 21 million bank account details for sale at around
£10m.
Journalists from the magazine
WirtschaftsWoche claim to have received a sample CD containing
1.2 million bank account details after posing as buyers.
The sample CD contained details such as names, addresses, phone
numbers, dates of birth and bank account numbers.
The data is believed to have been collected from call centre
employees, the magazine said.
Graham Cluley, senior technology consultant, at IT security
firm Sophos said all companies need to pay proper attention to
restricting access to data.
"If this can happen in Germany, it could happen in the UK too,"
Graham Cluley said.
Not enough organisations are taking appropriate steps to
ensure sensitive data is secure, said Cluley.
This kind of targeted data theft is a much bigger concern than
when data is lost accidentally, said
Guy Bunker, chief scientist at security firm Symantec.
When CDs containing data are lost, it will not necessarily be
exploited because not everyone would know how to do that, Guy
Bunker said.
When data is stolen, said Bunker, it is usually channelled
through the distribution network of the underground economy and it
is much more likely to be used to commit other crimes.
All data loss remains a concern, he said, because although
inadvertent losses may not lead to other crimes, it will damage the
reputation of companies to look after data properly and that could
lead to customers going elsewhere.