whose server full of processed creditcard applications (ie credit card numbers, security details, etc) was flogged on eBay earlier in the year?

Who is going to be held responsible?

Have RBS, or indeed, any of the major international banks, any track record in organising festivities in a place of ale-production?

Payroll card? WTF is one of those then?

Don't forget RBS has been owned by the UK government since October - so that's another 1.5 million people's data it just lost...

Paris, since she's had her data nicked already.

...that so quickly after Nationalising RBS, the Govenment has already managed to drive information security around personal records to the same level as the rest of the Civil Service. :-/

Mine's the one with the "voluntary and patriotic" ID card in the pocket....

I've been getting a lot more phishing email recently, especially about accounts that I don't have with RBS-related companies, like Natwest and Churchill. Does this breach explain them, or is it just coincidence?

I had to do a Worldpay integration think a few years ago. It was painful and expensive. Some time later, I started getting spam from a Worldpay competitor to the email address that I had only used for setting up the WP account. My guess was that a rogue IT person had left and taken the list with them. The most depressing bit is that I told them what had happened but they didn't care.

Sadly they still have a near monopoly at what they do.

LOL

Bring on the fail, it's hilarious!

So few companies, so much data, so little time!

http://www.theregister.co.uk/2008/08/28/data_bank_details/

So, exactly who inside RBS management *is* going to be held responsible?

when things go wrong at RBS the first thing they do is to form a committee whose job it is to find someone to blame BEFORE things get fixed! the place is riddled with a cover-your-arse mentality coupled with a blame culture. With very little reward for achieving anything, it's not surprising that staff don't rush to fix stuff.

posted a/c for obvious reasons!

The security breach was at the US division of Worldpay, I think this is different from the normal http://www.worldpay.com we use in Europe?

But! looking at the latest PCI compliance list - http://tinyurl.com/7s69ex - I see the likes of Netbanx and Protx listed but Worldpay is absent? Does this mean the European processor isn't even PCI compliant?! I thought they had to be compliant or do they get a special exclusion from Gordy Brown?

WorldPay are NOT PCI DSS compliant!!

"The Royal Bank of Scotland Group (RBS) takes data security and compliance with its many legal and regulatory obligations extremely seriously. The WorldPay payment systems are located in RBS Data Centres that comply with the stringent policies and procedures of RBS and have been designed to the highest standards that the Bank’s regulators and legislators expect.

As you may be aware, WorldPay has been involved in a major project to replace the existing system and migrate to a new and enhanced platform. As part of this project, all work necessary to comply with the PCI DSS rules is therefore being directed at the new system and as a result WorldPay will remain 'In Progress' for PCI DSS compliance until work on the new system and migration of customers is complete.

RBS maintains in regular and open dialogue with both VISA and MasterCard, sharing progress reports and updating plans, ensuring, as the enforcers of Scheme regulations, that they are up to date and aware of the project’s developing position towards compliance and endorsing of our plans."