Posted on 09/26/2003 1:40:59 PM PDT by NotQuiteCricket
Two Bank of Montreal computers containing hundreds, potentially thousands, of sensitive customer files narrowly escaped being sold on eBay.com late last week, calling into question the process by which financial institutions dispose of old computer equipment.
Information in one of the computers included the names, addresses and phone numbers of several hundred bank clients, along with their bank account information, including account type and number, balances and, in some cases, balances on GICs, RRSPs, lines of credit, credit cards and insurance.
Many of the files were dated as recently as late 2002, while some went back to 2000. The computers appeared to originate from the bank's head office on St. Jacques St. in Montreal, but customers, many of them also bank employees, had addresses ranging from Victoria, B.C., to St. John's, Nfld.
In the wrong hands, the data could be used to steal someone else's identity for the purposes of fraud, a fast-growing crime known as identity theft.
"Our number one priority as an organization is the protection of customer information," said Dina Palozzi, chief privacy officer for the bank, which swiftly seized the computers' hard drives on Saturday afternoon within 24 hours of learning their whereabouts. "This kind of issue we take very, very seriously."
Geoff Ellis, a 26-year-old masters student living in North York, purchased the computers last week from Ecosys Canada Inc., a computer asset-management firm in Mississauga. He paid $400 each for two powerful IBM Netfinity servers that would have cost about $5,000 new.
Ellis buys, fixes up and then resells used computer equipment on eBay.com. He had posted the two machines on the popular online auction site for six hours before he noticed, after turning one of them on, that it contained an operating system that let him access file folders from the bank without needing a password.
He immediately removed the items from the Web site, he said.
"My first response was shock," said Ellis, who contacted the Star soon after discovering the information. "There's no way a server should get out of a bank's hands with a full operating system and whatever data that's in the hard drive."
(Excerpt) Read more at torontostar.com ...
Apparently not seriously enough...
See buck.
See buck passed.
Colin Taves, vice-president at Rider, said Ecosys is a sub-contractor for the bank's Montreal head office and should have made sure the computers were wiped.
See buck.
See buck passed.
"It was really an operational breakdown," said Taves, explaining that the computers were taken from the wrong warehouse skid and it was assumed they had been erased. "It was a warehouse location issue more than anything else."
See buck.
See buck passed.
Bruce Hartley, a vice-president at Ecosys, agreed. " It's an operational error and we've contained it in the shortest amount of time that we could.
You got it handed to you on a silver platter, you mean...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.