MBNA, the largest credit card provider in the UK, has announced a data breach due to the theft of a laptop computer. It looks like data encryption software like AlertBoot was not used to protect the information.
The breach, while announced by MBNA, actually stems from the actions (or, rather, the lack of action) of a third party vendor. The Lancashire Evening Post has identified the vendor as NCO Europe.
If one is to believe online forums, then it's my opinion that it's only too self-evident that something like this would have happened. What does NCO do? I'm sure they do a lot of stuff, but information I've found online--none of it official--points towards a debt collection agency. It makes sense, then, that MBNA would announce a data breach where credit card numbers were lost, but not PINs--debt collectors don't need PINs.
But they do need to conduct themselves as a business. NCO is a debt collection agency that's been branded as unprofessional, discourteous, and incompetent: for example, there are complaints of NCO calling a person, just to place them on hold forever. The person calls NCO back, and they have no idea why they called the person--he's not in their records.
Other horror stories abound, including one employee answering and calling under different names, and constant hang-ups from NCO's end when the conversation is not in their favor. (You can get an eyeful by following the moneysavingexpert.com link below.)
When you're dealing with a company like this, it's not surprising that the company would be carrying credit card information on a computer that's not protected with encryption software. You know, despite the fact that news abounds in the UK where lost or stolen laptops without data encryption are investigated by the Information Commissioner's Office. (I hear they get the power to charge fines next year.)
What's MBNA doing with a company like this? Well, seeing how NCO also seems to deal with debt collections for eBay/PayPal, Orange (the phone company), and Barclays, it looks like it's no small-time organization.
Of course, what boggles the mind is that a debt collection company is just allowing a laptop to be carried around without encryption being used to secure their data. I mean, don't debt collection agencies by definition hold the sort of information that fraudsters and hackers are looking for?
Related Articles and Sites:
http://www.scmagazineuk.com/mbna-confirms-data-loss-after-laptop-containing-personal-details-of-thousands-of-customers-was-stolen-from-vendor/article/160217/
http://www.lep.co.uk/news/Customer-credit-card-details-stolen.5929370.jp
http://forums.moneysavingexpert.com/showthread.html?t=389079