26 Aug 2008, 5:25 pm
Details of customers or potential customers of Royal Bank of Scotland, American Express and NatWest were on the computer, which was taken from a Graphic Data site.
Information on the computer is said to include details of people's names, addresses, phone numbers, signatures and mothers' maiden names. Such extensive information could be used to impersonate people and conduct identity theft and fraud.
"Graphic Data has confirmed to us that one of their machines appears to have been inappropriately sold on via a third party," said a statement from Royal Bank of Scotland, which operates as RBS and as NatWest.
"As a result, historical data relating to credit card applications from some of our customers and data from other banks were not removed. We take this issue extremely seriously and are working to resolve this regrettable loss with Graphic Data as a matter of urgency," it said.
The computer is reported as having been sold by an ex-employee of Graphic Data, and a second machine is said to be missing. The machine with the one million customer details on it had been reported by its purchaser, Andrew Chapman.