Forensics experts at the Dublin office of consultancy Ernst & Young have found evidence that prominent companies in Ireland are allowing home-based employees to download sensitive company and client data to their personal computers.
Second-hand computer hard drives containing sensitive information – including hundreds of customer bank, Laser and credit-card account details, car registration information, staff PPS numbers, internal corporate information and e-mail details – were purchased on Irish auction website eBay.ie from owners who, in most cases, had not even bothered to erase the drives.
[..]
Of eight disks purchased on eBay, only three had been erased by the owner. Typical of what was found on the disks:
A brand-name online payments company (disk purchased for €5.79 including P&P). Information recovered:
- Technical files relating to a popular bill payment solution which included technical specification documents and consultancy firm reports in relation to the bill payment solution;
- PPS numbers of staff and customers;
- Hundreds of customer bank account numbers and sort codes;
- Hundreds of Laser card numbers and expiry dates;
- Hundreds of credit card numbers and names;
- Significant amount of e-mails detailing customer data;
- Internal corporate information, staff details etc.
A well-known Irish car dealership (disk purchased for €10.79 including P&P). Hard disk for sale on ebay.ie with comment in ad: “Used to be in a Dell computer but I removed it. I didn’t bother deleting the files off it but this can be easily done.” Information recovered:
- Bank account numbers;
- Customer names and addresses;
- Customer invoices and bank details;
- Customer car registration information.
Read more in The Irish Times.