Exclusive: confidential Alcatel-Lucent files discovered on eBay laptop
Documents reveal faults, security information and personal chat logs
A second-hand laptop purchased on auction site eBay has been found to contain over 5GB of confidential information relating to global telecoms company Alcatel-Lucent.
The files, shown exclusively to Computing, include service, fault and outage logs relating to Cable & Wireless, Orange, BT and other major companies, all dating from various months in 2008, and seeming to originate from Alcatel's offices in Wales.
There are also dozens of internal guides and handbooks covering such topics as security system structures for Alacatel communication networks, including detailed manuals on configuring the company's ePipe network.
This information would be of use to hackers, who could use it to navigate and disrupt the firm's systems after breaching the firm's security.
Also among the files are logs of intimate personal messenger conversations between Alcatel employees, and what appears to be school work of an employee's nine-year old daughter, which includes the child's name and address.
Usernames, IP addresses and full session details are also present in records of Alcatel employees' work inside the company's Broadband Remote Access Server (BRAS).
Many of the manuals and tutorials relate to systems and services that Alcatel-Lucent still runs versions of today, theoretically affording anybody who infiltrated the company's systems a full working knowledge of their structure and navigation.
Full names and mobile phone numbers of dozens of employees are also listed in work rota documents.
Geographical areas of activity for the teams include Aberdeen, Elgin, Peterhead and Arbroath in Scotland, as well as Leeds.
Computing's source, who wishes to remain anonymous, purchased the machine on eBay among a batch of three laptops, only one of which contained a hard drive.
"I took the disk out to make sure it was okay," he told Computing. "When I saw two partitions on there, I thought I'd check what the other one was in case it was a recovery partition. But it wasn't - it was full of data."
The buyer, concerned about such a large amount of private data being leaked from Alcatel, tried to inform the company.
"I contacted the company through its head office in Paris - I sent an email and got no response at all, so I found an ethics reporting link on its site where things like this could be reported," said the source.
"After five working days I've heard nothing at all. Not even an acknowledgement receipt that they'd had my mail."
He found absolutely no security provisions in place guarding the Alcatel data, and the volume of the data shows that, if a disposal company had been charged with destruction of the data, the second partition was clearly missed before releasing the laptop to private sale on eBay.
Computing contacted the Information Commissioner's Office for comment.
"It would definitely be something we'd want to be made aware of," said an ICO telephone helpline operative," before adding that the ICO's enforcement team would only be prepared to look into the issue if "we have a complaint made to us, usually by an individual," and if the complaint was made "in writing," with receipt of "some of the information" so, said the operative, "we could see what was contained on there for ourselves."
When Computing made it clear that this report was coming from the press, with a news story already made public, the operative agreed to "make [the ICO] enforcement department aware of it. I can send an email off regarding that," concluded the operative.
Data recently recovered from the ICO in accordance with Freedom of Information laws revealed that public and private sector data breaches have grown by 1,000 per cent in the past five years.