Financial details for sale on eBay - Pointsec investigation exposes lax controls


The current access codes and admin rights to the secure Intranet of one of Europe's largest financial services groups were purchased on a hard drive over eBay for just five pounds by UK security specialist Pointsec Mobile Technologies.

It was the first of 100 drives and laptops purchased by the firm as spare and used parts over Internet auction sites and other public auctions. Pointsec found it was able to read 7 out of 10 hard drives bought in this way, all of which had supposedly been wiped clean or re-formatted.

The hard drive purchased by Pointsec over eBay contained highly sensitive information from one of Europe's largest financial services groups, including pension plans, customer databases, financial information, payroll records, personnel details, login codes, and admin passwords for the secure Intranet site. There were 77 Microsoft Excel documents detailing customer e-mail addresses, dates of birth, home addresses, telephone numbers and other confidential information.

Pointsec also wanted to find out how easy it is to purchase and access information on laptops that are lost in transit, such as at Gatwick or Heathrow airports or on the Eurostar, or handed in to the police. In all cases they found that the laptops, and all the information residing on them, were put up for auction if they were not reclaimed after three months.

Pointsec visited one of the auctions used by Gatwick airport, near Chertsey, and found that before even purchasing the laptops, the researchers were able to start them up to inspect whether they worked. Using password recovery software, they were able to access the information on one in three of these laptops. This exercise was repeated in Sweden, the US and Germany.

Peter Larsson, CEO of Pointsec Mobile Technologies, says: "These findings reinforce how important it is to never let laptops or mobile devices leave the office without being adequately protected with encryption and strong password protection."
