Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security Regulation & Compliance

Group

Future Finance News Analysis
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

The data crater

Enormous amounts of customer data have been lost in thefts affecting both retailers and banks. A recent case of data loss at Barclays allegedly included psychological profiling of customers, adding a new dimension to the problem of identity theft. Did the bank accidentally ‘add value’ to the pirated information? Authorities are responding, but these things take time…

 

Q: So who lost what?

A: US retailer Target suffered a breach in December 2013 that saw 110 million customers’ card data compromised. UK newspaper the Mail on Sunday revealed in February 2014 that 27,000 Barclays Bank customers’ data had been stolen, possibly by a former employee, which included psychological profiling information, for people that had been seeking financial planning advice from a now defunct unit.

Q: Wow. That’s enormous. Who is taking the hit for these?

A: There is no hit yet. There are ongoing investigations.

Q: Why did Barclays have psychological profiles of its clients?

A: It had apparently conducted psychometric tests to gauge customers’ risk appetites beyond their consciously declared risk appetites.

Q: How did Target lose so much data?

A: Data is tiny, even when it is massive. A carefully orchestrated malware attack, followed by a careful and unhurried data collection within the firm’s own data centre followed by an extraction. In other words, it was hacked by someone who knew what they were doing.

Q: What about Barclays?

A: It seems that data was just copied on to a USB stick.

Q: And then..?

A: Sold to “unscrupulous brokers” according to the report. Whether these brokers are known and about to be nabbed is a question for the authorities.

Q: In an age where information is king, will breaches like these undermine customer confidence?

A: Yes, but what choice do they have? Move to another retailer with a smaller IT security budget? Not tell their broker what they want to buy? Breaches like this suggest that all electronic dealings are potentially vulnerable. One has to roll with the punches, change passwords, PINs and move on.

Q: And not submit to psychometric tests?

A: Exactly.

 

2477

Channels

Security Regulation & Compliance

Group

Future Finance News Analysis
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion
Dan Barnes
Blog group founder

Dan Barnes

Writer

Information Corporation

Member since

11 Sep 2013

Location

London

Blog posts

47

Comments

8

More from Dan

Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more