Add your comment


20 Responses to “Account Number & Sort Code — An Awful Warning”

  1. Trevor Bounford says:

    I print bank details on the invoices I issue. Is this putting me at risk?

    • Gwyn Headley says:

      According to the man from HSBC, not really, if the recipient is a private individual or another company — unless of course they are criminally inclined. Knowing some of your clients, I suggest you work for cash in advance only.

  2. Antony McCallum says:

    Isn’t this a case where a property release is required & doesn’t the cheque remain the property of the bank regardless of who uses it?
    Can we do something to at least have Getty (another entity too big to be held properly to account) pay fotoLibra some form of compensation?

  3. Chris says:

    What a stupid person!? Fancy uploading a photo of a cheque… and to a rival agency at that! Love the description, waiting to have it ‘chashed’ maybe that’s a code!

    I think you need to get to the root of the problem and get Ababsolutum to remove or edit the photo, and Getty need to take the image down until it’s complete.

    It’s still available to buy now. I might make a monthly donation to Diabetes UK 😉

  4. David Carton says:

    The words hand, biting, the, feeds, that & you spring to mind in no particular order. A reverse search shows it’s still available on istock with a/c details still. Also seems to have been used on other sites & blogs whether they were paid for or just lifted. Are HSBC sufficiently concerned they would want to change your a/c number? If not then as they are aware of the situation are they saying they will cover you for any fraud that may arise?

  5. Jolyon Direnko-Smith says:

    Surely the concern is misdirected ?

    The issue is not that an account number and sort code should not be “published” but that ONLY a sort code, account number and (presumably) account name is enough to TAKE money from somebody’s account without that person having to give approval.

    Of course, until that issue is resolved then yes, sharing such details is A Very Bad Idea, but the problem is not the sharing of the details but that the banking system is so vulnerable to such a simple thing.

    • Gwyn Headley says:

      A simple solution (so not one that will be implemented any time soon) is to block nominated accounts from any automated payment schedule. Once an account has been opened and the account owner has been dragged through the verification process a couple of clicks is all it would need for him/her to open a separate account which will accept incoming payments but can only pay out to the owner’s other account.

  6. Ron Lines says:

    I have a solution to not knowing what further damage can be done, change your bank and all accounts

    • Gwyn Headley says:

      Yes, that would work, but we’d have to have a full-time compliance officer to take care of the fairly constant attacks we and all other businesses suffer. And the admin at this end would be too daunting to cope with.

  7. […] hope you’re well. My rather sensational headline was designed to attract you to read my blog: The statement is not far from the truth, except that one might infer connivance which is almost […]

  8. Hi Gwyn,
    I read your article about this, and hope you manage to get it sorted and the photograph removed from Getty straightaway. Particularly galling as it was one of your contributors!
    Anyway the reason I am posting this is to let you know of a company local to me in Scotland (a fellow BNI member) who specialises in web and online security and forensic investigations.
    It would be worth you having a chat with them as I don’t believe that you necessarily require to have a full-time compliance officer. I’ve attached their details here for you and put Wynn’s direct mobile number for him. I will also let him know your situation – so he’ll contact you and he’ll be able to give you more of an idea about he can help you.
    Director, Praetorian IT Security

    I hope this can help you – they are highly recommended, and their speciality is to help SMEs in particular (whilst having the experience of working with very large corporations). They are also experts in recovering data.
    If anyone has Ransomware issues – contact them.

  9. Mike Raggett says:

    That’s awful – your contributor should have known better in the first place but as for Getty and the Beeb … At least she hid your signature.

    I hope Getty pay you a substantial sum – they should certainly never have uploaded it.

  10. tim gartside says:

    Funny that. I asked my bank Santander about sending out these details as I was worried about what could happen and they said no problem perfectly safe! I shall ask again by email this time so I have the answer in writing.

    • Gwyn Headley says:

      We were assured it was a risk by HSBC’s Head of Business Banking UK, who rang me personally. I have no reason to doubt him. I can’t believe HSBC finds it a problem and Santander doesn’t. We have closed the compromised account and opened a new one, on HSBC’s recommendation. In any case, it’s always safer not to broadcast sensitive information.