Barclays bank is to pay out around £500,000 in compensation to 2,000 customers whose personal data was found on a USB stick in a flat on the south coast of England.
The USB stick was discovered during an unrelated police raid, and is thought to be encrypted, according to a report by the Herald Scotland, which also quotes a formal letter from Barclays to affected customers.
The letter stated: “The data taken included information you provided in meetings with a Barclays Financial Planning adviser prior to 2009.”
“It includes details taken during the meeting…and the subsequent letter Barclays sent you containing our investment recommendations.” It added that it may ‘take some time’ to establish how the theft happened.
The bank is offering customers a payment of £250 to compensate for the breach. The personal details in question are reportedly wealth planning documents that can run to 20 pages per person and contain information on customer’s investment plans and capabilities and personal information such as health issues and passport number.
A Barclays spokesman said: “This is not a new theft of data from Barclays. Every indication is that the data here was part of the same theft of data that was reported last year, relating to data stolen in 2008.”
“The details on the recently discovered USB data stick belong to a group of customers linked to the Barclays Financial Planning business, which ceased operating in 2011. The data concerned was from 2008 or earlier.”
The Daily Mail reported in Feb 2014 that a stick containing data on 2,000 investment customers was on sale to the highest bidder in what the newspaper described at the time as “the worst case of data loss from a British High Street bank”. The newspaper was tipped off by a whistleblower who passed The Mail on Sunday the memory stick.
by Karl Thomas, ESET