Credant Says RBS "Million Records" Computer Sale Could Have Been Avoided

With Effective Customer Data Security Policy

(28.08.08) - Credant Technologies says the widely publicised sale of a computer on eBay – apparently containing the details of a million RBS Group bank customers – could have been avoided if the bank and its contractors had adopted an effective customer data security and encryption strategy. "If the bank and its contractors had a solid data encryption strategy in place, with private data such as that found on the eBay computer being encrypted - and only decrypted when needed, and on-the-fly -then, even if the computer slipped through the net because of the thoughtless actions of one or more individuals, then the data would clearly be inaccessible," said Michael Callahan, Credant's senior vice president and chief marketing officer.

"This would have avoided the need to apologise for leaking data that included bank account numbers, phone numbers, mothers' maiden names and even signatures of customers, so representing a gross security breach at the bank," he added.

According to Callahan, whilst the bank will undoubtedly apologise and quite possibly end up being fined for the gross security breach, the issue highlights the security dangers of allowing unencrypted data to be used by third-party companies. "Dealing with third-party firms is a routine business transaction, but you cannot always rely on a third party to have as stringent security systems in place as your own," he said.

"This is why we always recommend the use of encryption technology for private data such as this, only decrypting the data on-the-fly and as, and when, required," he said.

"The process is simple, as well as highly cost-effective and would have prevented this situation from happening, no matter how poor the security procedures of the third party companies that are involved," he added.

For more on the RBS computer eBay sale fiasco: http://tinyurl.com/5actd9

(Credant: ra)