BBC presenter Jeremy Clarkson has lost £500 after publishing his bank details in a British newspaper in a naive attempt to prove that the UK's largest ever data breach was a storm in a teacup.
In October last year two discs containing child benefit claims of some 25 million UK residents were lost in transit after being sent from the HM Revenue and Customs offices.
Clarkson insisted that little could be done with the stolen information and published his bank details in the Sun newspaper to prove that people should not be worried, the BBC reported: "All you'll be able to do with them is put money into my account. Not take it out. Honestly, I've never known such a palaver about nothing," the Top Gear host wrote.
Unfortunately for Clarkson, a savvy reader used the details he provided to process a £500 direct debit transaction from his Barclays bank account to the charity Diabetes UK. Clarkson was forced to admit that he was wrong and had been punished for his mistake, saying there was little chance of catching the person responsible. "He probably thought 'what can you do with this personal information?' and he got screwed straight away because they can do a lot of things with this," said Andreas Baumhof, CTO of online fraud protection company TrustDefender. "You might say 'this was just a dodgy bank that is not up to date with their security systems'. But that would be utterly wrong," Baumhof said. "This was done with Barclays in the UK, and the level of security systems that Barclays has in place is actually fairly high." Baumhof said.
Clarkson's actions show that not enough attention is being given to protection from identity theft. "He was pretty open and published all this information in the article, but a lot of people give out a lot of information on things like social networking sites that on their own is not very valuable, but when you combine all these details with other information they can become really valuable," he said. "The banks have to protect people connecting to their services, but if I know enough about you, you would be amazed what I could do." Baumhof explained that while banks can provide secure protection on their site, it only helps if people ensure they protect their personal information wherever they go online, not just on one particular site.
"We are always talking about online fraud, but the much bigger problem is identity theft," he said. "Identity theft results in online fraud, not the other way around."