Missing U.K. bank customer data was not encrypted
It should have been, and it shouldn't have shipped via regular mail either
Computerworld UK - A lost disk holding confidential data on 62,000 HBOS banking group mortgage customers was not encrypted -- although it should have been, the bank has admitted.
The bank had promised to learn lessons and overhaul its procedures after a similar loss of customer data in March, but said the second loss was "unrelated" because the data had gone missing in a different way.
This month's data breach included names, addresses, dates of birth and mortgage account numbers on a CD-ROM sent by HBOS subsidiary Bank of Scotland to a credit reference agency. It was reported missing when the agency did not receive the expected monthly dispatch of information.
An HBOS spokesperson confirmed: "The disk would usually be encrypted. Unfortunately, due to human error on this occasion the usual policy was not followed. We apologize to our customers for this."
The bank also confirmed that although disks were usually sent out using a secure post service, the missing disk had been sent through the Royal Mail's standard service. "That was a mistake on our part," the spokesperson said.
In March, Halifax building society -- another HBOS subsidiary -- apologized to 13,000 mortgage customers after a computer printout of their records was stolen from an employee's car.
After the Halifax incident, HBOS general manager for group communications Shane O'Riordain promised: "Lessons have been learned. We are reviewing our procedures as a matter of urgency."
In the same month, HBOS was among also among 11 banks ordered by the information commissioner to sign a formal undertaking to comply with Data Protection Act principles, after dumping customers' personal data in rubbish bins outside their premises.
The information commissioner threatened to take further action -- including possible prosecution -- if the conditions were not met.
But asked how the Bank of Scotland customer data could be lost when the HBOS was supposed to have tightened security procedures after the Halifax security breach and the information commissioner's probe, the spokesperson said the latest incident was different.
"Lessons have been learned and we have revised our procedures accordingly," he said. "The other incidents ... are all unrelated. One was the theft of a briefcase from an employee (which has been recovered) and the undertaking referred specifically to the disposal of confidential waste."
The bank has reported the lost CD to both the Financial Services Authority and the information commissioner.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts