• Welcome to the PopMalt Forums! Whether you're new to forums or a veteran, welcome to our humble home on the web! We're a 20-year old forum community with thousands of discussions on entertainment, lifestyle, leisure, and more.

    Our rules are simple. Be nice and don't spam. Registration is free, so what are you waiting for? Join today!.

Bought a server FULL of a Finance Companys data.... What should I do?

Carl0071

New Member
Ok, I was at my local car boot sale (For you Americains, it's like a garage sale but in a field) and picked up a Dell Poweredge 1600SC Server for £18 (about US$35). :lick:

At the time, I bought it because it had a 4-port IDE RAID card inside which I needed for my own server project. However, when I got it home, I found that the two 120GB hard drives inside are jam-packed of data from the company it was removed from. The company is a finance company in London, England which, according to their accounts Excel spreadsheet on the drive, turns over about £3,500,000 (US $6,000,000) per year. They have about 20-30 employees and their office is based about 20km south of London. The data includes bank acccount numbers, NI Numbers (Same as Social Security in the US), Names, address & dates of birth of employees, over 250 letters to clients' and over 8,000 files I am yet to go through.:-o

I don't think the server was stolen or removed without permission, because the guy selling it said he gets paid to clear out offices and removed equipment when a company no longer needs it....:nod:

He had a few other servers for sale but I only had £20 left on me at the time.:rolleyes:

I have a friend who works for a national newspaper and he offered me £250 (US $500) for the story and the hard drive. What I need to know is this.... Would I be better off (financially!:D) calling the company and explaining I bought the server in good faith, I've found their data and a newspaper has offered me £250 for it, and would they like to better that offer to have the drive back and keep the story out of public view. Here in the UK, we have a law called the Data Protection Act. That means if anybody takes your details (hospitals, banks, schools, shops, businesses etc..) they have to ensure it doesn't fall into the wrong hands when they dispose of old hardware. :shocked:

I don't know whether they'd want to pay me or if they'd spit in my eye instead..... :lol:

Over the past few months, there's been a lot of people in the news finding military laptops on trains, memory sticks in car parks and computers full of credit card details all over the place.....:-/


Need some input please, and if I do decide to sell to the papers I will post the link to the story here......:confused::confused:
 

Arathald

Registered Member
DO NOT give someone that hard drive. If you do, you're at least as much on the hook for releasing people's personal data as the company is -- in fact, moreso, because you would be doing it deliberately. Also, it is *incredibly* unethical to ask the company for money to either keep you from releasing the data or the story. This is the very definition of blackmail. If you're concerned about the company illegally releasing personal data, call whatever government body oversees the enforcement of the data protection act and report the company. It would also be good to call the company and let them know about this breach.

I don't consider it unethical to sell the story to a newspaper, but releasing the hard drive to them most definitely is, and so is blackmailing the company to prevent the story from being released.
 
Top