Barclays has found itself in a data loss nightmare, after national newspapers reported about the loss of 27,000 records.
According to the Mail on Sunday, the thousands of confidential customer files were stolen and sold on to rogue City traders. The information included customers’ earnings, savings, mortgages, health issues, insurance policies, passport and national insurance numbers and each report is about 20 pages long, and among the victims are doctors, businessmen, scientists, a musician and a cleaner.
The details were passed to the paper by an anonymous whistleblower who passed the files on a memory stick and said that they could be sold for up to £50 per file. The whistleblower first became aware of the Barclays leads in September when the boss of the brokerage firm asked him to sell them to other traders, they said.
In a statement, Barclays said that it was “grateful to the Mail on Sunday for bringing this to our attention and we contacted the Information Commission and other regulators on Friday as soon as we were made aware”.
It said: “Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business which we ceased operating as a service in 2011. Based on what we have seen, this appears to be data from 2008 or earlier.
“We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data.
“Protecting our customers’ data is a top priority and we take this issue extremely seriously. This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator.
“We would like to reassure all of our customers that we have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible.”
Professor John Walker, a member of the British Computer Society E
lite Group, said in an email to IT Security Guru that the breach was interesting, but said that this is only known as an insider blew the whistle, otherwise it would be unknown, and the subject public at large would have been none the wiser and at risk.
“My conclusion is, we are not at a well trodden juncture of insecurity and public/business exposure which, in my opinion needs much more than to just pay lip service to the known, but which demands tangible action to secure the National and Global Economies,” he said.
“We also need to be aware that the cultures which tolerated the unreported breach have moved on, in some cases to the world of Outsourcing and Service Management (e.g. First Data), so sadly one may conclude that such attitudes for survival may have evolved into the unknown.”