Here’s a story straight out of the steam age of information security. UK high street bank Halifax has been forced to apologise to 13,000 mortgage customers after losing a computer print out containing personal information.
The documents were in a briefcase stolen from the locked car of an employee last week. Around 1,800 of the customer records included name, address, mortgage account number and balance. The remainder listed the customer's name, mortgage account number and
The incident asks serious questions about the bank's IT capabilities (why would anyone need to carry this kind of information around in paper form?) and information security policy.
As Jamie Cowper, from data encryption outfit PGP Corporation, points out: “In this day and age, when we have a multitude of devices better equipped to store such information, should companies still be storing confidential details in paper format? Policies
need to be established and enforced, and technology such as encryption needs to be deployed."
On it’s Web site the bank ‘fessed up to the incident in a statement bearing the reassuring headline ‘Halifax protects customers’.
This desperate piece of spin doctoring sat above a statement issued by the bank late last week on ‘Ten top tips for online safety’, which included the following pearl of wisdom: “Perform regular back-ups of your system, or at least back-up files that you
cannot afford to lose or that would be difficult to replace, such as documents, address books and important emails.”
This is the same banking group, incidentally, that
earlier this year sent the confidential details of 75,000 other account holders to a customer who had requested a single copy of her bank statement.
You couldn't make it up.