For Sale on EBay: Your Financial Records

It's an all too frequent occurrence for companies -- usually banks or credit card companies -- to sheepishly announce thefts of their customers' private information. But selling sensitive financial data on eBay? Oops! That's a new one.

Somehow a computer containing detailed bank account and credit card information for the British customers of the Royal Bank of Scotland, its subsidiary NatWest, and American Express, ended up on eBay earlier this month.

Price paid for one used computer plus the names, bank account numbers, signatures, mobile phone numbers, and other personal information of more than one million customers? About $70.

The buyer was an (apparently ethically flawless) IT manager named Andrew Chapman, who upon discovering the treasure trove of data immediately reported it to the authorities. Regulators launched an investigation today.

RBS and NatWest are, of course, expressing their shock and horror at the misstep -- it takes a little pressure off the banks that the computer wasn't pinched from an RBS or NatWest site, but rather slipped through the fingers of data processing firm Graphic Data, which was involved in archiving banks records electronically.

It appears that a Graphic Data employee, who remains nameless as of now, thought he'd make a little money on the side by nicking a castaway computer (who would miss one silly old computer?) from the company.

Graphic Data, along with the government investigators, can probably skip over the IT department in its search for the guilty party: the perpetrator apparently didn't know enough about computers to erase the data from the computer's hard drive before selling it.

by Liz Gunnison