By Matthew Broersma
Barclays has confirmed it is offering compensation to 2,000 Barclays customers after their detailed personal data was discovered on a USB memory device in a flat on the south coast of England.
The discovery is the latest effect of a data breach first uncovered last February, which affected up to 27,000 customers of the bank’s now-defunct financial planning unit.
The files were stolen in 2008 and relate to data from before that time, according to Barclays. They were originally sold to unscrupulous city traders who used them to target people for investment scams, according to the anonymous whistle-blower who brought the matter to light last year.
The data was discovered in a recent police raid on an unconnected matter, according to The Herald Scotland.
Barclays sent a letter to those affected by the latest incident offering them £250 compensation each, according to the report. Barclays is also offering to put the affected customers on a credit-checking scheme. The bank said last year it was notifying the customers affected by the theft.
“The data taken included information you provided in meetings with a Barclays Financial Planning adviser prior to 2009,” Barclays said in the letter. “It includes details taken during the meeting… and the subsequent letter Barclays sent you containing our investment recommendations.”
Barclays added that it may “take some time” to establish how the details arrived in their latest location.
The files run to 20 pages per person and reportedly contain personal details including customers’ earnings and details of their mortgages, savings and insurance policies, as well as passport and national insurance numbers and information such as health issues. Barclays Financial Planning ceased operating in 2011.
The bank emphasized that the data itself is most likely not from a new breach.
“Every indication is that the data here was part of the same theft of data that was reported last year, relating to data stolen in 2008,” Barclays said in a statement. “The details on the recently discovered USB data stick belong to a group of customers linked to the Barclays Financial Planning business, which ceased operating in 2011. The data concerned was from 2008 or earlier.”
Barclays has been investigated regularly for data protection violations in recent years. Freedom of Information requests by Which? found that Barclays received the most data-protection complaints at the Information Commissioner’s Office (ICO) between August 2009 and August 2010, and it also received the most complaints in 2013, according to FoI requests by industry journal Computerworld.
Barclays has said it takes data protection “extremely seriously” and takes “every practical measure” to prioritize the safety and security of personal and financial data. The bank undertook a revamp of its cyber-security measures in 2014.
The ICO said last year it was working with Barclays and law-enforcement bodies to investigate the data theft, but hasn’t taken action against the bank over the matter.
Data protection has become banks’ top priority in retaining customers, according to Mark James, security specialist at security firm ESET.
“Their ability to protect our data should be the number one goal in keeping our business, making sure we are aware of breaches when they happen and putting in place any measures to hopefully stop it from happening again,” he said.
A recent study found that security is now the top priority for most younger U.K. consumers when choosing a bank.