Hot on the heels of my post earlier this week comes a perfect example of the negligence I was talking about. In this case, nobody had to hack into anything to get access to "[d]etails of customers of three companies, including the Royal Bank of Scotland (RBS) and its subsidiary, Natwest". Also, this appears to be some really high-test info. "The information is said to include account details and in some cases customers' signatures, mobile phone numbers and mothers' maiden names."
The vector for all this data? eBay. A computer containing this information was sold there for around US$140. The banks in question are indescribably lucky that the fellow who purchased the system is an IT manager and apparently a stand-up guy.
Though I am curious as to why eBay continues to be involved: '"Clearly such details should never have been included in the hard drive of the computer offered for sale on eBay," said the eBay spokesman.' I don't think that eBay has any real involvement here other than providing the marketplace, but thanks, I guess.
Either way, this is a prime example of my original point. This kind of negligence needs to be met with crippling fines at the very least, and preferably jail time for the executives ultimately in charge. There is simply no valid defense of this situation. "Oops" doesn't cut it.
I do note that the data has not yet been returned. I hope he gets a sizable reward for doing so.