The credit card details of 19,000 British web users were exposed on Google when it was left available on the search engine’s web cache, it has recently been revealed. Details of Visa, American Express and MasterCard users in the UK, including names, home addresses, card numbers and expiry dates, were accessible to anybody who typed in the correct search key, the Daily Mail reported this weekend.
The information was originally posted on a scam website traced to an unsecure server in Vietnam, where thieves were stealing personal information and selling it on. The site was removed in February this year, but the data remained live in the search engine’s web history, allowing it to be accessed and copied, until it was spotted by employees and taken down.
Although the majority of the cards involved in the scandal have already been cancelled, according to the banking industry trade body, APACS, few of the affected customers have not been notified by their credit card companies.
“This is hugely worrying. The credit card companies have a duty of care to inform all those involved that they are at risk of identity fraud,” said Nigel Evans, a member of Parliament and chairman of the All Party Group on Identity Fraud, told the Daily Mail.
Google defended itself by pointing out that it does offer tools so that users can prevent sensitive material remaining available in the cache, but in this instance the original posters had not taken advantage of it.
“Please keep in mind that search engines are a reflection of the content and information that is available on the Internet. Search engines such as Google do not own this content, and do not have the ability to remove content directly from the Internet,” a Google spokesman explained.