Britain’s data watchdog launched a probe yesterday after confidential files relating to Barclays Bank customers were allegedly stolen then sold on to rogue brokers.
The Information Commissioner’s Office (ICO) said it would be looking into the case this week, after it was revealed in the Mail on Sunday newspaper.
The tabloid said highly sensitive information — including bank customers’ savings, earnings, insurance policies, mortgages and health issues — had found its way into the hands of “unscrupulous brokers.”
The newspaper claimed such information was valuable on the black market because it allows individuals to be targeted in investment scams.
The weekly said an anonymous whistle-blower gave reporters a memory stick containing files on 2,000 Barclays customers.
The man said it was a sample from a stolen database of up to 27,000 files, which he claimed could be sold by salesmen for up to ￡50 (US$80) each.
“We contacted the Information Commissioner and other regulators on Friday as soon as we were made aware,” a Barclays spokeswoman said.
“Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business, which we ceased operating as a service in 2011,” she said.
“We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data,” she added.
“This appears to be criminal action and we will cooperate with the authorities on pursuing the perpetrator,” the spokeswoman said.
A source at the British bank said it did not yet know in full what was on the memory stick.
Each report is about 20 pages long, the Mail on Sunday said. All the customers had sought financial advice from Barclays, and gave their details during meetings with an adviser.
Select traders were given the information, the paper claimed, and from December 2012 to September last year, some victims were persuaded to buy rare earth metals that did not exist.
An ICO spokesman said: “It’s crucial that people’s personal information is properly looked after.”
“We’ll be working with the Mail on Sunday this week to get further details of what has happened here, as well as working with the police,” the spokesman added.
The ICO can slap fines of up to ￡500,000 on organizations that fail to protect private data.