by CIO Staff

Thousands of U.K. Consumers Victims of Data Theft

Oct 11, 20063 mins

The personal records of thousands of U.K. consumers have turned up on a computer recovered from criminals in the United States.

London’s Metropolitan Police Computer Crime Unit reported that 83,000 e-mail addresses, credit card numbers and online transaction files had been discovered on the PC during an unspecified operation by U.S. authorities.

The files are believed to have been stolen from approximately 2,300 computers using some sort of backdoor Trojan infection able to log passwords. U.K. police are now busy contacting the people involved, as well as their banks and ISPs where appropriate.

Police have yet to reveal which piece of malware was involved or how far back in time the theft might have occurred. Likewise, the identity of the U.K. bank or banks involved has yet to be made public.

“The information has been harvested from the computers by a type of malicious code known as a backdoor. However, there are thousands of computer users worldwide who have had their computers compromised and data stolen,” said a spokesman for Scotland Yard.

“This immediate response by the Met’s Computer Crime Unit to notify victims, ISPs and banks as well as alerting our foreign law enforcement partners demonstrates the unit’s commitment to disrupt the activities of criminals who engage in this activity.”

That a single PC can be found to contain personal information from such a large number of people is further evidence that Internet crime is still low-risk and effective. Meanwhile, unlike consumers in many U.S. states, U.K. victims have no automatic right to know when their data has been compromised. That this event came to light at all is entirely down to the decision by U.K. police to contact them.

Information on thefts of any kind from U.K. banks is still rare, one of the notable exceptions being the failed attempt to steal 220 million pounds from London-based Sumitomo Mitsui Bank in March 2005.

That was money alone, while this is data with the presumed intention to siphon money later on. Nevertheless, U.K. banks, specifically Lloyds TSB, have still struggled with data theft problems in the past year in cases that have come to light. As in so many such incidents, the bank was caught out only because the individual affected complained to a newspaper.

-John E. Dunn, (London)

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.