UK’s Barclays suffers 'unprecedented' customer data theft
27,000 detailed reports sold on black market, used to target investors by rogue traders
British bank Barclays is today at the centre of a data leak scandal involving the theft of a database of 27,000 customer files, which were stolen and sold to rogue traders.
UK newspaper The Mail on Sunday described the leak as "unprecendented" among British High Street banks and reported that the details included customers' earnings, savings, mortgages, health issues and insurance policies.
According to The Mail's source, who provided a sample of 2,000 files from the stolen trove, each file could be sold on the black market for around GBP50 (AED300). The information was accumulated by Barclays from customers who had sought financial advice and had answered an in-depth questionnaire. The questionnaire was so detailed that the information provided amounted to a psychological profile of the customer in the form of a 20-page report - a report that the source claimed left the subject at the mercy of traders offering risky investment opportunities.
"The data is a gold mine for traders because it is so incredibly detailed. It gets them inside the customer's head," the source said.
The source claims he was asked by a brokerage firm to sell the so-called "Barclays leads" secondhand to other traders for GBP8 apiece, and that the boss of the firm moved to ensure evidence of the leads had been destroyed after investors became suspicious. It is not known how the data was stolen.
According to The Mail, between December 2012 and September 2013 the brokerage firm used the files to persuade victims to invest in rare metals that did not exist, it is claimed. The source estimates up to 1,000 people could have been victims of the firm.
Under the UK's Data Protection Act, organisations such as Barclays are obligated to keep personal information secure.
The bank said in a statement: "We are grateful to The Mail on Sunday for bringing this to our attention and we contacted the Information Commissioner and other regulators on Friday as soon as we were made aware.
"Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business, which we ceased in 2011.
"We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data.
The Information Commissioner's Office can impose fines of up to GBP500,000 (AED3m) on organisations that fail to protect private data, The Mail reported, but the City watchdog the Financial Conduct Authority can levy unlimited fines.