Blog article
See all stories »

The data crater

Enormous amounts of customer data have been lost in thefts affecting both retailers and banks. A recent case of data loss at Barclays allegedly included psychological profiling of customers, adding a new dimension to the problem of identity theft. Did the bank accidentally ‘add value’ to the pirated information? Authorities are responding, but these things take time…

 

Q: So who lost what?

A: US retailer Target suffered a breach in December 2013 that saw 110 million customers’ card data compromised. UK newspaper the Mail on Sunday revealed in February 2014 that 27,000 Barclays Bank customers’ data had been stolen, possibly by a former employee, which included psychological profiling information, for people that had been seeking financial planning advice from a now defunct unit.

Q: Wow. That’s enormous. Who is taking the hit for these?

A: There is no hit yet. There are ongoing investigations.

Q: Why did Barclays have psychological profiles of its clients?

A: It had apparently conducted psychometric tests to gauge customers’ risk appetites beyond their consciously declared risk appetites.

Q: How did Target lose so much data?

A: Data is tiny, even when it is massive. A carefully orchestrated malware attack, followed by a careful and unhurried data collection within the firm’s own data centre followed by an extraction. In other words, it was hacked by someone who knew what they were doing.

Q: What about Barclays?

A: It seems that data was just copied on to a USB stick.

Q: And then..?

A: Sold to “unscrupulous brokers” according to the report. Whether these brokers are known and about to be nabbed is a question for the authorities.

Q: In an age where information is king, will breaches like these undermine customer confidence?

A: Yes, but what choice do they have? Move to another retailer with a smaller IT security budget? Not tell their broker what they want to buy? Breaches like this suggest that all electronic dealings are potentially vulnerable. One has to roll with the punches, change passwords, PINs and move on.

Q: And not submit to psychometric tests?

A: Exactly.

 

Comments: (0)

Dan Barnes

Dan Barnes

Writer

Information Corporation

Member since

11 Sep

Location

London

Blog posts

47

Comments

8

This post is from a series of posts in the group:

Future Finance News Analysis

Finextra and Oracle have gathered together some of the industry's top thought leaders to assess the key trends and issues within transaction banking, regulations and retail banking. This group will analyse the latest news on upcoming regulations, new service offerings and industry issues shaping the new financial services landscape with regular blog posts, video interviews, webcasts debates and surveys.


See all