Barclays damned after theft of thousands of customer files

According to online media outlet The Guardian, the files, containing details on 2,000 individuals including their names, addresses, phone numbers, passport numbers, mortgages and levels of savings, were allegedly sold for use in boiler-room scams, in which vulnerable savers are snared into fraudulent investments.

The bank, which claims not all of the individuals named in the files were its customers, has begun an immediate internal inquiry and reported the theft to the police and to regulators.

The Financial Conduct Authority (FCA), which can impose unlimited fines, and the information commissioner, who oversees data protection and can fine organisations up to GBP 500,000, are looking into the matter.

The security breach was first reported by the Mail on Sunday, which was approached by a whistleblower who claimed the files were just a sample from a haul of stolen data containing the details of 27,000 individuals. The whistleblower said he was prepared to give evidence to police, and claimed he was given the data to sell on by an unnamed firm of rogue brokers whom he worked with. The memory stick he handed over also contained national insurance numbers, details on dependants and highly personal medical information.

Barclays has declared that initial investigations suggest this is isolated to customers linked to the Barclays Financial Planning business, which it ceased operating as a service in 2011. Based on the information, this appears to be data from 2008 or earlier. Barclays Financial Planning business was fined GBP 7.7 million in 2011 and ordered to pay up to GBP 59 million in compensation for misselling investment funds to more than 12,000 customers.

The financial institution is currently under scrutiny by regulators and could face a hefty fine.

The news about the data breach comes a few days after a report by Forrester Research has suggested that Barclays has ranked first in terms of security functionality. According to data, Barclays topped 2013 rankings with an overall score of 66 out of 100. The bank’s secure website was strong across a range of categories, particularly when it comes to account management, money movement, security and login, and electronic delivery.