Blog article
See all stories »

An article relating to this blog post on Finextra:

Halifax customer data stolen

UK bank Halifax has admitted that paper documents containing confidential information on some 13,000 of its mortgage customers have been stolen from an employee's car.

See article

Steam age security at Halifax

Here’s a story straight out of the steam age of information security. UK high street bank Halifax has been forced to apologise to 13,000 mortgage customers after losing a computer print out containing personal information.

The documents were in a briefcase stolen from the locked car of an employee last week. Around 1,800 of the customer records included name, address, mortgage account number and balance.  The remainder listed the customer's name, mortgage account number and approval status.

The incident asks serious questions about the bank's IT capabilities (why would anyone need to carry this kind of information around in paper form?) and information security policy.

As Jamie Cowper, from data encryption outfit PGP Corporation, points out: “In this day and age, when we have a multitude of devices better equipped to store such information, should companies still be storing confidential details in paper format? Policies need to be established and enforced, and technology such as encryption needs to be deployed."

On it’s Web site the bank ‘fessed up to the incident in a statement bearing the reassuring headline ‘Halifax protects customers’.

This desperate piece of spin doctoring sat above a statement issued by the bank late last week on ‘Ten top tips for online safety’, which included the following pearl of wisdom: “Perform regular back-ups of your system, or at least back-up files that you cannot afford to lose or that would be difficult to replace, such as documents, address books and important emails.”

This is the same banking group, incidentally, that earlier this year sent the confidential details of 75,000 other account holders to a customer who had requested a single copy of her bank statement.

You couldn't make it up.


Comments: (1)

A Finextra member
A Finextra member 27 March, 2007, 15:38Be the first to give this comment the thumbs up 0 likes Perhaps they should use invisible ink.

Now hiring