The personal records of thousands of UK consumers have turned up on a computer recovered from criminals in the US.
London's Metropolitan Police Computer Crime Unit reported that 83,000 email addresses, credit card numbers and online transaction files had been discovered on the PC during an unspecified operation by US authorities.
The files are believed to have been stolen from around 2,300 computers using some sort of backdoor Trojan infection able to log passwords. UK police are now busy contacting the people involved, as well as their banks and ISPs where appropriate.
Police have yet to reveal which piece of malware was involved nor how far back in time the theft might have occurred. Likewise, the identity of the UK bank or banks involved has yet to be made public.
"The information has been harvested from the computers by a type of malicious code known as a Backdoor. However, there are thousands of computer users worldwide who have had their computers compromised and data stolen," said a spokesman for Scotland Yard.
"This immediate response by the Met’s Computer Crime Unit to notify victims, ISPs and Banks as well as alerting our foreign law enforcement partners demonstrates the Unit’s commitment to disrupt the activities of criminals who engage in this activity."
That a single PC can be found to contain personal information from such a large number of people is further evidence that Internet crime is still low-risk and effective. Meanwhile, unlike consumers in many US states, UK victims have no automatic right to know when their data has been compromised. That this event came to light at all is entirely down to the decision by UK police to contact them.
Information on thefts of any kind from UK banks is still rare, one of the notable exceptions being the failed attempt to steal £220 million from London-based Sumitomo Mitsui Bank in March 2005.
That was money alone, while this is data with the presumed intention to siphon money later on. Nevertheless, UK banks, specifically Lloyds TSB, have still struggled with data theft problems in the last year in cases that have come to light. As in so many such incidents, the bank was only caught out because the individual affected complained to a newspaper.