Forensics experts at the Dublin office of consultancy Ernst & Young have found evidence that prominent companies in Ireland are allowing home-based employees to download sensitive company and client data to their personal computers.

Second-hand computer hard drives containing sensitive information – including hundreds of customer bank, Laser and credit-card account details, car registration information, staff PPS numbers, internal corporate information and e-mail details – were purchased on Irish auction website eBay.ie from owners who, in most cases, had not even bothered to erase the drives.

[..]

Of eight disks purchased on eBay, only three had been erased by the owner. Typical of what was found on the disks:

A brand-name online payments company (disk purchased for €5.79 including P&P). Information recovered:

• Technical files relating to a popular bill payment solution which included technical specification documents and consultancy firm reports in relation to the bill payment solution;
• PPS numbers of staff and customers;
• Hundreds of customer bank account numbers and sort codes;
• Hundreds of Laser card numbers and expiry dates;
• Hundreds of credit card numbers and names;
• Significant amount of e-mails detailing customer data;
• Internal corporate information, staff details etc.

A well-known Irish car dealership (disk purchased for €10.79 including P&P). Hard disk for sale on ebay.ie with comment in ad: “Used to be in a Dell computer but I removed it. I didn’t bother deleting the files off it but this can be easily done.” Information recovered:

• Bank account numbers;
• Customer names and addresses;
• Customer invoices and bank details;
• Customer car registration information.

Read more in The Irish Times.