[LINK] 19, 000 UK credit card details posted on the Net...and accessible on Google

[Leah Manta]

Find this story at 
www.dailymail.co.uk/news/article-1165447/19-000-UK-credit-card-details-posted-Net--accessible-Google.html 



19,000 UK credit card details posted on the Net...and accessible on Google

By 
<http://www.dailymail.co.uk/home/search.html?s=y&authornamef=Sean+Poulter>Sean 
Poulter and 
<http://www.dailymail.co.uk/home/search.html?s=y&authornamef=Jonathan+Weinberg>Jonathan 
Weinberg
Last updated at 10:38 AM on 28th March 2009


The credit card details of up to 19,000 British 
shoppers were published on the internet - where 
they could be found using a simple search on Google.

The details apparently originated from the 
website of a criminal gang in the Far East.

The list, obtained by the Mail, includes the 
names, home addresses and full card details of 
thousands of Visa, Mastercard and American Express customers.

Google's high-powered search engine inadvertently 
picked up the list during a 'crawl' of the web - 
allowing it to be seen and copied.

The credit card details of thousands of Brits 
could be accessed through search-engine Google

It was still viewable a few days ago, but a 
spokesman for the banking industry trade body 
APACS said that many of the cards on the list had 
already been stopped and others had expired.

However, these users' home addresses - including 
door numbers and postcodes  - were clearly shown, 
creating the risk of identity theft.

APACS also revealed that banks had merely put a 
warning flag on the accounts of those customers 
whose cards were still active, in order to monitor any unusual use.

Disturbingly, however, these customers have not 
been warned of the security breach.

Details of Visa, Mastercard and American Express 
customers could be viewed online

Conservative MP Nigel Evans, chairman of the All 
Party Group on Identity Fraud, said: 'This is 
hugely worrying. The credit card companies have a 
duty of care to inform all those involved that 
they are at risk of identity fraud.'

Any criminals who came across the list could have 
used them to make purchases worth millions of 
pounds. Some customers' card details were stolen 
after making purchases over the internet, while 
others are known to have been victims of fraud.

It is believed the details were originally on an 
unsecured server in Vietnam which was linked to a 
website belonging to the fraudsters. Criminal 
gangs typically use such websites to trade in stolen card details.

The server was closed down in February by 
authorities investigating cyber crimes but 
Google's powerful indexing technology had already 
located the list and made a copy.

Rik Ferguson, of web security firm Trend Micro, 
said: 'To find this amount of data on a server 
which is publicly accessible is a rare event. 
Organised crime usually protect their ill-gotten 
gains behind password-protected links on encrypted machines.'

Mr Ferguson also told how he had infiltrated 
internet forums used by the crooks, where just 
£250 would buy details of 100 UK cards. Internet 
banking logins and fake passports were also on sale.

He added: 'The existence of these kinds of 
carding forums illustrates the booming trade in 
stolen financial details such as cards and bank accounts.

'Perhaps the greatest surprise to the casual 
observer will be the relatively low prices for 
this information. This is driven by the ease of 
access and the sheer numbers available.'

A spokesman for APACS said: 'The banking industry 
takes every data breach extremely seriously. We'd 
like to remind all online businesses of their 
responsibility to store card details securely.'

The details have now been removed from Google and 
a spokesman said they could not comment on the specific case.

But he added: 'Search engines such as Google do 
not have the ability to remove content directly from the internet.'