Barclays launches probe into theft of 27,000 customer profiles
Mail on Sunday broke the story after receiving a tip from a whistleblower about one of the most unprecedented data breaches in modern banking: that thousands of personal files - complete with earnings, health records, and passport details - had been put up for sale.
The whistleblower reportedly showed the newspaper a total of 2,000 files, some of them as long as 20 pages and containing very sensitive details. According to the leaker, there are 25,000 more files stashed away on a database somewhere.
Such information - worth millions on the black market - is actively sought by rogue traders for the purpose of targeting people in investment scams. As the whistleblower told the newspaper, “the data is a gold mine for traders because it is so incredibly detailed. It gets them inside the customer’s head.”
According to the whistleblower, up to 1,000 traders could have taken part in the scheme.
Barclays immediately informed regulators and said an investigation was underway. The bank quickly suggested that the theft is linked to the bank’s 2011 Barclays Financial Planning program, which has since been closed.
The bank released a statement on Sunday, describing the theft as a “criminal action” and promising to “cooperate with the authorities on pursuing the perpetrator.”
This disclosure is not doing Barclays any favors, especially considering the bank’s involvement in a series of recent scandals – most notably mis-selling payment protection insurance and manipulating benchmark interest rates in 2012, which led to billions in compensation payouts and various fines.
The Libor rigging scandal led to the resignation of two top figures – Chief Executive Bob Diamond and Chairman Marcus Agius.
Now, more fines could follow.
Various financial bodies in Britain have the power to deal a serious blow to the bank’s finances. The Information Commissioner’s Office (ICO) could easily slap it with a half million pound (US$820,500) fine for transgressions relating to data breaches. The Financial Conduct Authority could do even worse, as its penalties are unlimited. The former is now taking part in the police investigation.
A statement by the bank said that “protecting our customers’ data is a top priority and we take this issue extremely seriously.” They also ensured that they “have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible.”