Future Intelligence’s Peter Warren finds ex-Beatle Paul McCartney’s bank details at an East London boot fair while demonstrating the threat from discarded data.
This investigation was published in the Daily Express and broadcast on Channel 4
By Peter Warren and Jonathan Calvert
An unwanted computer sold on from a bank contained 108 files relating to Sir Paul McCartney’s private cash dealings.
The second-hand machine, containing information on the movements of money in Sir Paul’s account, was discarded without the files being wiped clean.
Merchant bankers Morgan Grenfell Asset Management had simply failed to erase the memory contained on computer’s hard disk.
The Express has discovered similar security breaches are occurring on millions of of computers containing highly sensitive commercial and personal information, and which are freely available for resale.
In an investigation with Channel 4 News, we have established that many banks and Government departments are failing to take sufficient care.
During our research we were offered computers from other banks which contained non-deleted files.
Recently the Inland Revenue discarded scores of computers which still held payroll details of staff.
There is a massive market in second-hand computers sold through dealers, auctions and even car boot sales. In theory the hard disks should be wiped before they are sold on.
The computer hard disk retains every file, including emails, that has been stored on the machine. Even deleted work remains on the system until it is over-written when the portion of the memory that it occupied is randomly designated to a new file.
Second-hand computers sold on with client’s confidential details
Computer security expert John Godfrey said yesterday: “There are tens of millions of second-hand computer systems freely available in the open market with commercially sensitive data on.
“Companies are careless when they replace computer systems, not thinking about what happens to the old PCs. But they have a duty to clients not to pass on confidential information. It is gross commercial neglect.”
Retrieving the information is fairly simple. Experts say it takes 15 minutes to show someone how to do so and software can be downloaded from the internet to break into more difficult files.
To see how easy it is to find sensitive data, second-hand dealers were asked to find computers which still had data on them. Within weeks they found a Compaq PC which had been used by Morgan Grenfell – now renamed Deutsche Asset Management.
The computer had passed through several hands and would have been sold on the open market. We arranged for it to go to a specialist computer forensic company, IRM, which is expert in retrieving data for criminal trials. There were more than 5,000 files on it dated between 1990 and 1998 which included memos, emails and tables containing details of clients’ account numbers and share transactions.
There were more than 100 files on former Beatle Sir Paul McCartney alone and many other clients were mentioned including a large charity for the blind, the Cancer Research Campaign, the International Association of Odd fellows and a duchess,
Our forensic experts said it was “embarrassingly easy” to get the data off the disk as there had been “no attempt” to delete it.
Sir Paul’s office would not comment on the matter yesterday. But David Sidel, company secretary of the Cancer Research Campaign, said: “It is very unsettling. I have instructed a through investigation.”
Yesterday Elizabeth France, the Data Protection Registrar, said the matter appeared to be an obvious breach of security.
“If any of the individuals whose information has come to the notice would like me to look at it for them then I would certainly be prepared to do that.”
Under the Data Protection Act organisations are required to guard against the unauthorised disclosure of personal data.
A statement from Deutsche Asset Management said the process of decommissioning computers is carried out by a third party specialist to render the information inaccessible.
It said: “In the light of this incident, the Deutsche Bank Group is reviewing all procedures concerning the decommissioning and disposal of computers. The bank would like to take this opportunity to apologise unreservedly to any client who may have been embarrassed by this incident.”
____________________________________________________
The above is the article as it appeared as the front page lead on the Daily Express on the 9th of February 2000.
It was broadcast on Channel 4 News on the evening of the same day.
Future Intelligence provided the story to both organisations.
Daily Express headline ‘Secrets of McCartney Bank Cash Are Leaked’
