As many of you probably know by now, French president Nicolas Sarkozy has had money siphoned from his bank account and pressed charges in September, leading to the arrest of three people. Two of them have reportedly used his account number to buy mobile phone contracts. The third suspect is a shop employee, although it is not clear whether she is supposed to have been in on the scam.

Initially reported as a case of “hacking,” the story increasingly sounds like it wasn’t necessarily “personal”. In fact, it is likely the small time crooks had no idea whose account number they were using. Some reports say they probably acquired the banking details from an online purveyor of stolen data, unlikely to have focused on just one account.

Besides, not much has surfaced about the investigation at this point, especially as to how exactly Sarkozy’s details were obtained. It could be a phishing attack, malware on the presidential computer, or more simply an insider job at his bank, or within a company holding on to his details for direct debit purposes.

So, the story could have less to do with online security than with leaks. More details will probably come to light in weeks to come. However, the current uncertainty around the cause of the incident hasn’t stopped vendors from using the story to plug their security products.

Security specialist Sophos wasted no time in posting about the incident and how “no-one is safe” from password theft. To be fair, even government spokesman Luc Châtel said, perhaps hastily, that the incident showed that online banking was “not infallible”. At least Sophos went to the trouble of making an amusing video about it, so all is forgiven.

Filed under: Retail Banking, risk, Technology