(Guardian (UK) Via Acquire Media NewsEdge) Barclays is under scrutiny by regulators and could face a hefty fine after thousands of confidential customer files were stolen in a data breach described as catastrophic by an adviser to the business secretary, Vince Cable.
The files, containing details on 2,000 individuals including their names, addresses, phone numbers, passport numbers, mortgages and levels of savings, were allegedly sold for use in boiler-room scams, in which vulnerable savers are snared into fraudulent investments.
"This is catastrophic, just awful," the Liberal Democrat MP Tessa Munt, who is parliamentary private secretary to Cable and has campaigned on mis-selling by banks, told the Guardian. "What protections have Barclays got in place? Are the police going to pursue this, are they going to prosecute, and is someone going to go to jail for this? They should do."
Barclays said it would be writing to the customers concerned. The bank, has begun an internal inquiry and reported the theft to the police and to regulators.
The Financial Conduct Authority (FCA), which can impose unlimited fines, and the information commissioner, who oversees data protection and can fine organisations up to pounds 500,000, are looking into the matter.
"Barclays have contacted us and we will be working with them to understand exactly what has happened and what steps consumers may need to take," a spokeswoman for the FCA said.
"Consumers rightly presume their data is safe with their bank, and this should serve to remind all firms how important it is they have the correct procedures in place to ensure data is secure and used appropriately."
The security breach was first reported by the Mail on Sunday, which was approached by a whistleblower who claimed the files were just a sample from a haul of stolen data containing the details of 27,000 individuals. The whistleblower said he was prepared to give evidence to police, and claimed he was given the data to sell on by an unnamed firm of rogue brokers whom he worked with.
The memory stick he handed over also contained national insurance numbers, details on dependants and personal information on whether people had undergone surgery or were on medication.
They are believed to have been customers of the now defunct Barclays Financial Planning business, which was fined pounds 7.7m in 2011 and ordered to pay up to pounds 59m in compensation for mis-selling investment funds to more than 12,000 customers.
Like those Barclays customers affected by the mis-selling scandal, many of those whose names appear on the stolen files are elderly. The whistleblower said the information was used to scam about 1,000 people, who were persuaded to invest in rare earth metals that did not exist. Between December 2012 and September 2013, a select group of brokers at the firm concerned were given the files, which they used to cold call their victims.
These were customers who had sought financial advice from Barclays. As part of consultations with advisers, they filled out questionnaires about their savings, physical health and revealed their attitude to risk using psychometric tests.
"The data is a gold mine for traders because it is so incredibly detailed. It gets them inside the customer's head," said the whistleblower. He added: "This illegal trade is going on all the time in the City. I want to go public to stop it getting bigger."
He described a world in which scammers worked from so-called "spank shops", renting offices and peddling products that were either fraudulent or sold at inflated prices to unsuspecting, often elderly or inexperienced investors.
With interest rates at an all-time low since the banking collapse, people have been withdrawing their money from the savings accounts chasing higher returns on investments. Many of them are seen as soft targets for rogue brokers.
When investors concerned began to suspect they had been duped, the trading floor was shut. According to the whistleblower, computers were wiped, paperwork destroyed, and the desks cleaned with bleach to remove DNA traces. The whistleblower, a former commodities trader, was asked to sell on the data, which he said could fetch up to pounds 50 a file from those operating boiler room scams.
Barclays said: "This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator.
"We would like to reassure our customers that we have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible."
Barclays faces a hefty fine over the security breach Photo: Oli Scarff/Getty Images
(c) 2014 Guardian Newspapers Limited.