Probe into ‘theft’ of Barclays customer database

The highly sensitive information, including customers’ earnings, savings, mortgages, health issues and insurance policies, is alleged to have ended up in the hands of unscrupulous brokers.

The leak was exposed by an anonymous whistle-blower who passed details to the Mail on Sunday after a memory stick containing files on 2,000 of the bank’s customers was said to have been passed on to the traders.

The whistle-blower claimed it was a sample from a stolen database of up to 27,000 files, which he said could be sold by shady salesmen for up to £50 per file.

Each report on the database is said to be about 20 pages long, and among the victims are doctors, businessmen, scientists, a musician and a cleaner, according to the newspaper’s report.

A Barclays spokeswoman said: “We are grateful to the Mail on Sunday for bringing this to our attention and we contacted the Information Commissioner and other regulators on Friday as soon as we were made aware.

“Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business which we ceased operating as a service in 2011.

“We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data.

“Protecting our customers’ data is a top priority and we take this issue extremely seriously. This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator.

“We would like to reassure all of our customers that we have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible.”

All the customers on the database had sought financial advice from the bank, and passed on their details during meetings with an adviser. Select traders were given the “Barclays leads”, the Mail on Sunday said yesterday, and claimed a number of victims were persuaded from December 2012 to September last year to buy rare earth metals that did not exist.

The whistle-blower estimates that up to 1,000 people could have been “scammed”. A source for the bank said it had not yet verified that the memory stick contained 2,000 files, or how much information was on the files, and there was no evidence yet that 27,000 were involved.

A spokesman for the Information Commissioner’s Office (ICO) said: “It’s crucial that people’s personal information is properly looked after. We’ll be working with the Mail on Sunday this week to get further details of what has happened here, as well as working with the police.”

City of London Police had no immediate information on the case.

Financial commentator David Buick described the report as alarming and said it was “the breach of trust” which would be particularly harmful for the bank’s reputation.

It is the latest scandal to hit the under-fire banking sector. The Yorkshire Post reported in August last year that the Bank of Scotland had been fined £75,000 after customers’ account details were repeatedly faxed to the wrong recipients.

The ICO, which served the Bank of Scotland with the fine, said the information included payslips, bank statements, account details and mortgage applications, along with customers’ names, addresses and contact details. The documents were faxed over a three-year period.

In total, at least 21 documents were sent to a third party during this time, with another member of the public receiving a further 10 misdirected faxes. The ICO said that despite the company being informed of the problem on numerous occasions mistakes continued.

A spokesperson for the Lloyds Banking Group, which owns the Bank of Scotland, maintained that the security of customers’ data was “always our key priority”. The spokesperson blamed the misdirected faxes on “human error”, and apologised for the mistake.

[email protected]