Whistleblower: Barclays Customer Data Stolen And Sold For Scammers’ Use

Barclays Bank London headquarters © Kiev.Victor Shutterstock

Bank says it is looking into a report that data was stolen before being used and sold by rogue traders

A database containing as many as 27,000 files on Barclays bank customers has been stolen and sold on to rogue traders, according to a report.

A whistleblower, a former commodities broker who passed on a memory stick containing 2,000 of those files, said each file could be sold for £50. He claimed it was the worst leak of data he’d ever come across, but such illicit buying and selling of data “is going on all the time in the city”.

Barclays breach

The stolen data included customers’ earnings, alongside details of their mortgages, savings and insurance policies. Passport and national insurance numbers were also included in the pilfered files.

The leak affects many of those who sought advice from the bank and includes information on their attitude to risk. Such information could be used by scammers trying to get people to invest in dubious schemes.

According to the whistleblower, the brokerage firm he worked for used the “Barclays leads” until investors became suspicious. The trading floor was then closed and cleaned, the whistleblower said. His boss’ laptop was destroyed and other computers wiped.

Barclays, which admitted the breach appeared to be of a criminal nature, said it had contacted the Information Commissioner’s Office and other regulators on Friday after the Mail on Sunday alerted it to the issues. The bank believes the breach is related to its Barclays Financial Planning business, which was closed in 2011.

Whilst the ICO can only fine companies up to £500,000 for breaches of the Data Protection Act, the Financial Conduct Authority can impose unlimited monetary penalties.

“This shows that even older customer data from closed businesses or subsidiaries can have real value if it should fall into the wrong hands,” said Steve Smith, managing director of data security specialist Pentura.

“It’s critical that firms holding this type of sensitive data have policies to protect that information, and to control who has access to it, from when it’s originally created right through to its long-term storage and disposal.

“This is the only way to control these types of breach, so that their origins can be traced and any vulnerabilities quickly closed.”
