Enormous amounts of customer data have been lost in thefts affecting both retailers and banks. A recent case of data loss at Barclays allegedly included psychological profiling of customers, adding a new dimension to the problem of identity theft. Did the
bank accidentally ‘add value’ to the pirated information? Authorities are responding, but these things take time…
Q: So who lost what?
A: US retailer Target suffered a breach in December 2013 that saw 110 million customers’ card data compromised. UK newspaper the Mail on Sunday revealed in February 2014 that 27,000 Barclays Bank customers’ data had been stolen, possibly by a former employee,
which included psychological profiling information, for people that had been seeking financial planning advice from a now defunct unit.
Q: Wow. That’s enormous. Who is taking the hit for these?
A: There is no hit yet. There are ongoing investigations.
Q: Why did Barclays have psychological profiles of its clients?
A: It had apparently conducted psychometric tests to gauge customers’ risk appetites beyond their consciously declared risk appetites.
Q: How did Target lose so much data?
A: Data is tiny, even when it is massive. A carefully orchestrated malware attack, followed by a careful and unhurried data collection within the firm’s own data centre followed by an extraction. In other words, it was hacked by someone who knew what they
Q: What about Barclays?
A: It seems that data was just copied on to a USB stick.
Q: And then..?
A: Sold to “unscrupulous brokers” according to the report. Whether these brokers are known and about to be nabbed is a question for the authorities.
Q: In an age where information is king, will breaches like these undermine customer confidence?
A: Yes, but what choice do they have? Move to another retailer with a smaller IT security budget? Not tell their broker what they want to buy? Breaches like this suggest that all electronic dealings are potentially vulnerable. One has to roll with the punches,
change passwords, PINs and move on.
Q: And not submit to psychometric tests?