Police have found a stolen USB stick containing the personal data of more than 13,000 customers, which also includes National Insurance numbers and passport details.
A flash drive recovered by Brighton Police earlier this month has been found to contain the names and personal details of more than 13,000 Barclays bank customers.
Not only did the USB drive contain names, dates of birth, National Insurance numbers, and addresses, but also employment details and even psychometric information of customer attitude towards risk.
All of this information is thought to have been in the hands of fraudsters for as long as seven years.
What Have Barclays Said?
At this point, it’s not clear how the information was originally extracted, but Barclays, who have clearly been on the receiving end of some very probing questions in recent days, have been fast to try to rectify the issue.
They’re currently in the process of contacting all the customers who have been impacted by the breach, offering £250 each in compensation, although it remains to be seen how many of these customers will now look elsewhere for a banking provider.
A spokesman for Barclays had this to say, “This is not a new theft of data from Barclays. Every indication is that the data here was part of the same theft of data that was reported last year, relating to data stolen in 2008. It is simply a separate USB data stick that was not received at that point in time and was recently discovered by the police.”
They continue, ‘‘We are asking each customer to call if they feel their individual circumstances warrant different compensation, especially if they believe that they had a
fraudulent event at any point since this data was stolen.”
It’s important to note that it’s not believed that anyone affiliated to the banking giant stored the data on the USB stick in the first instance. Although this, and another similar incident, are being investigated to ensure this isn’t the case. It’s much more likely that the data has been copied onto the device by hackers.
If nothing else this has highlighted how easy it is for data to fall into the hands of those that intend to use it for malicious purposes, when not safeguarded correctly.
What’s Next?
Barclays have announced that they don’t believe that there is any evidence that the extracted files have been exploited by those who were in possession of the USB stick.
In addition to compensation, Barclays have announced that customers will be able to check their credit scores to ensure there hasn’t been any unusual activity.
In a recent letter apologising to customers for the recent incident, Barclays Director of Customer Experience Matt Hammerstein writes, “We regret to inform you that a copy of some historic information you provided to Barclays Financial Planning has been recovered by police during a criminal investigation unrelated to Barclays. We are very sorry this has occurred.”
The incident has also gained the attention of investigating authorities, with a spokesperson for the Information Commissioner’s Office, which investigates Data protection breaches, saying, “We are aware of the incident and we will be making enquiries.”
Our View
“All of the USB sticks we provide to our customers are usually used as brand development or marketing tools,” Says USB Makers Managing Director Richard LeCount, “this means it’s very unlikely that anything overly sensitive will appear on our devices.”
“That said, if you do require something important to be stored on a USB stick, then it’s a wise idea to invest in an encrypted or password protected device.”
“Overall though, it’s really not a good idea to store any sensitive data on a USB drive for too long. As in this case, if you were to lose an unprotected device or have it stolen it really is just a case of someone plugging in it and having a field day with your data.” Concludes Richard.