Search Blog Posts

Sunday, February 9, 2014

Barclays Busted: Sells private account details up to 27,000 files leaked in worst breach of bank data EVER

  • Cache of personal and financial details stolen and sold to rogue traders
  • Unscrupulous dealers 'used information to pressure investors into scams'
  •  Bank thanked Mail on Sunday for revelation and launched investigation
  •  Barclays now face unlimited fines for not protecting customer information
  •  Former City broker blew the whistle on the files to stop problem growing

Submitted by Tyler Durden on 02/09/2014 12:19 -0500

In recent months, the attention of the public has been consumed by concerns over private data abuse by such public spy agencies as the NSA, as well as what personal financial information may have been intercepted by rogue hacker black hats who in the past two months have been blamed for millions in credit card privacy breaches. However, so far there have been two major loose ends in the story of personal data collection (and abuse): just how web search browsers and cookie-based advertising companies collect everything there is to know about the particular interests and desires of any given individual, and just as importantly, how banks abuse client confidentiality by taking the secret financial data of their clients less than seriously.

Today, one of these loose ends got some much needed public exposure after the Daily Mail, of all places, reported that it had been approached by a whistleblower, who revealed that in one of the biggest breaches of bank secrecy, Barclays had stolen and sold the confidential personal and financial data of up to 27,000 clients to the highest market bidder, in most cases rogue traders who had seen Glengarry Glen Ross one too many times, and who would then use Jordan Belfort-inspired tactics to sell money losing investment products to those unlucky thousands who had entrusted their data to the bank.

Is this the case of yet another "Snowden" growing a conscience and exposing the fraud he had witnessed for all to see? For the time being, it sure looks like it:  "This is the worst [leak] I’ve come across by far,’ said the  former commodity broker and whistleblower. ‘"But this illegal trade is going on all the time in the City. I want to go public to stop it getting bigger."

Barclays Bank is reeling from an unprecedented security breach after thousands of confidential customer files were stolen and sold on to rogue City traders.

In the worst case of data loss from a British High Street bank, highly sensitive information, including customers’ earnings, savings, mortgages, health issues and insurance policies, ended up in the hands of unscrupulous brokers. The data ‘gold mine’ - also containing passport and national insurance numbers - is worth millions on the black market because it allowed unsuspecting individuals to be targeted in investment scams.

Barclays last night launched an urgent investigation and promised to co-operate with police.

It is not clear how the records were stolen, but the bank could face an unlimited fine if found guilty of putting customers’ details at risk. 

The leak was exposed by an anonymous whistleblower who passed The Mail on Sunday a memory stick containing files on 2,000 of the bank’s customers.

He claimed it was a sample from a stolen database of up to 27,000 files, which he said could be sold by shady salesmen for up to £50 per file.

Of course, Barclays has had its share of legal troubles in recent years, having been exposed as the first bank in the still growing Libor-rigging scandal for which is was fined GBP290 million, and now this data loss, which is a breach of its obligations under the Data Protection Act to keep personal information secure, will almost certainly cost its many more hundreds of millions in legal fees and damages.

The sources of the breached and stolen files was data collected from customers who had sought financial advice from the bank, and passed on their details during meetings with an adviser.

The consultations included filling out questionnaires - or ‘psychometric tests’ - which revealed their attitude to risk. That information could be exploited to persuade victims to buy into questionable investments.

One could call them, the "Glengarry leads", and an example of one is shown below:

But while Barclays collecting detailed data about its clients is perfectly normal, what it did next is criminal:

The whistleblower first became aware of the Barclays leads in September when the boss of the brokerage firm asked him to sell them to other traders. ‘The obvious question I asked was, “These are fantastic leads, why are you not using them yourself?”

‘He replied, “We have – sell it as secondary data.” He had got all he could out of them. New, they were worth £50 per file. He asked us to sell for £8.’

The whistleblower showed the leads to a select group of brokers ‘who thought they were amazing’, but eventually decided not to sell.

‘My conscience got the better of me. It was all just so wrong,’ he said. ‘I wasn’t a broker myself at this stage, but I had a business link to the firm.’

Between December 2012 and September 2013 the firm persuaded victims to buy rare earth metals that did not exist, it is claimed. The whistleblower estimates up to 1,000 people could have been ‘scammed’.

Then the party was over as quickly as it started:

When the investors began to suspect they were being fleeced he said the boss chose to ‘shut the trading floor’.

His orders were to get rid of the evidence, to show that we were never there. We bleached the desks so his DNA was not in the office. We destroyed his laptop and 15 bags of paperwork. We wiped the computers. During this fiasco he asked me, “Have you got the Barclays leads?” I said, “No, I haven’t, they must have been destroyed”. ‘But I kept them because I thought the whole thing had gone too far. I want to stop it now, to tell people what was happening.’

Alas, the burning down of the crime scene was not enough, and now that Barclays has been exposed, the damage control begins:

Barclays said in a statement: ‘We are grateful to The Mail on Sunday for bringing this to our attention and we contacted the Information Commissioner and other regulators on Friday as soon as we were made aware. 'Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business, which we ceased  in 2011.

‘We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data. ‘Protecting customers’ data is a top priority and we take this issue extremely seriously. This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator.

'We would like to reassure all of our customers  that we have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible.’ The Mail on Sunday has arranged to pass on the data to the Information Commissioner’s Office. A spokesman said: ‘We’ll be working with The Mail on Sunday this week as well as working with the police.’

That's not all: we also learn that the legacy of the Wolf of Wall Street is alive and well. So alive in fact, he has been in ongoing consultations on how to cold call clients about which the sellers already knew everything in advance: Read more from ZH