- Cache of personal and financial details stolen and sold to rogue traders
- Unscrupulous dealers ‘used information to pressure investors into scams’
- Bank thanked Mail on Sunday for revelation and launched investigation
- Barclays now face unlimited fines for not protecting customer information
- Former City broker blew the whistle on the files to stop problem growing
PUBLISHED: 17:00 EST, 8 February 2014
Barclays Bank is reeling from an unprecedented security breach after thousands of confidential customer files were stolen and sold on to rogue City traders.
In the worst case of data loss from a British High Street bank, highly sensitive information, including customers’ earnings, savings, mortgages, health issues and insurance policies, ended up in the hands of unscrupulous brokers.
The data ‘gold mine’ – also containing passport and national insurance numbers – is worth millions on the black market because it allowed unsuspecting individuals to be targeted in investment scams.
Barclays last night launched an urgent investigation and promised to co-operate with police.
It is not clear how the records were stolen, but the bank could face an unlimited fine if found guilty of putting customers’ details at risk.
The leak was exposed by an anonymous whistleblower who passed The Mail on Sunday a memory stick containing files on 2,000 of the bank’s customers.
He claimed it was a sample from a stolen database of up to 27,000 files, which he said could be sold by shady salesmen for up to £50 per file.
‘This is the worst [leak] I’ve come across by far,’ said the former commodity broker. ‘But this illegal trade is going on all the time in the City. I want to go public to stop it getting bigger.’
Under the guidance of lawyers, this newspaper has viewed a small selection of the files, which are effectively stolen goods. Each report is about 20 pages long, and among the victims are doctors, businessmen, scientists, a musician and a cleaner.
Barclays, which was fined £290 million in 2012 for its part in the Libor rigging scandal, said it would contact the customers as soon as possible.
The loss is a breach of its obligation under the Data Protection Act to keep personal information secure.
One of the victims, 69-year-old Janice Snowling, from Maldon, Essex, said: ‘I’m really angry. I think we should get some sort of compensation. It’s outrageous. The banking industry is the pits.’
All the customers had sought financial advice from the bank, and passed on their details during meetings with an adviser. The consultations included filling out questionnaires – or ‘psychometric tests’ – which revealed their attitude to risk.
That information could be exploited to persuade victims to buy into questionable investments.
Until last year he was working alongside a firm of brokers which, he said, regularly tried to get people to invest in ‘all manner of dodgy schemes’.
He said select traders were given the ‘Barclays leads’ which they exploited to the full. ‘They would start by saying that they had a great investment opportunity that would suit someone on a particular income or with a particular amount of money to invest.
‘Of course, they already knew this about the person they were talking to.’
The whistleblower first became aware of the Barclays leads in September when the boss of the brokerage firm asked him to sell them to other traders. ‘The obvious question I asked was, “These are fantastic leads, why are you not using them yourself?”
‘He replied, “We have – sell it as secondary data.” He had got all he could out of them. New, they were worth £50 per file. He asked us to sell for £8.’
The whistleblower showed the leads to a select group of brokers ‘who thought they were amazing’, but eventually decided not to sell.
‘My conscience got the better of me. It was all just so wrong,’ he said. ‘I wasn’t a broker myself at this stage, but I had a business link to the firm.’
Between December 2012 and September 2013 the firm persuaded victims to buy rare earth metals that did not exist, it is claimed. The whistleblower estimates up to 1,000 people could have been ‘scammed’.
When the investors began to suspect they were being fleeced he said the boss chose to ‘shut the trading floor’.
‘His orders were to get rid of the evidence, to show that we were never there. We bleached the desks so his DNA was not in the office. We destroyed his laptop and 15 bags of paperwork. We wiped the computers. During this fiasco he asked me, “Have you got the Barclays leads?” I said, “No, I haven’t, they must have been destroyed”.
‘But I kept them because I thought the whole thing had gone too far. I want to stop it now, to tell people what was happening.’
Barclays said in a statement: ‘We are grateful to The Mail on Sunday for bringing this to our attention and we contacted the Information Commissioner and other regulators on Friday as soon as we were made aware.
‘Our initial investigations suggest this is isolated to customers linked to our Barclays Financial Planning business, which we ceased in 2011.
‘We will take all necessary steps to contact and advise those customers as soon as possible so that they can also ensure the safety of their personal data.
‘Protecting customers’ data is a top priority and we take this issue extremely seriously. This appears to be criminal action and we will co-operate with the authorities on pursuing the perpetrator.
‘We would like to reassure all of our customers that we have taken every practical measure to ensure that personal and financial details remain as safe and secure as possible.’
The Mail on Sunday has arranged to pass on the data to the Information Commissioner’s Office. A spokesman said: ‘We’ll be working with The Mail on Sunday this week as well as working with the police.’
It is not the first data loss by a leading bank, but the depth of the data included in this case outstrips anything else uncovered so far. The Information Commissioner’s Office can impose fines of up to £500,000 on organisations that fail to protect private data.
But the City watchdog the Financial Conduct Authority can levy unlimited fines.
In 2009 HSBC was fined £3million after parts of its business were found to have been ‘careless’ in handing customers’ data when discs were lost in the post; and in 2010 the UK arm of Zurich Insurance was fined £2.275 million after it lost 46,000 customers’ data.
In neither case was the data thought to have fallen into the wrong hands.
But the Barclays data appears to have been actively stolen and ended up in the hands of unscrupulous salesmen.
The revelation comes as the bank is bracing itself for a row over bonuses, with as much as £2.4 billion set to be handed out to staff.
STOLEN FILES WERE PURE GOLD… THEY GAVE BROKERS AN EDGE OVER POTENTIAL INVESTORS – BY FORMER BROKER WHO EXPOSED TRADE IN STOLEN DATA
I was given the Barclays ‘leads’ after they had been ‘rinsed’ – or used up – and told to sell them to other brokers.
In the end, I didn’t do this because I thought it was wrong – and by that time I’d had enough of the whole business.
There is no question that the Barclays data was used, though. It was pure gold to brokers (who must have made a fortune out of it) because it gave them a psychological edge over potential investors – their victims.
Because of its detail it allowed the brokers to get inside the minds of their targets. They knew exactly how much money these people were prepared to invest and their attitude to risk.
They knew everything about them and tailored their strategy accordingly. I was told only the best brokers were given the Barclays leads – these are the most manipulative people.
There are a lot of good people in the brokerage industry but also a lot of undesirables. I know plenty of drug dealers who got involved because they realised they could make more money in the City than they could on the streets.
The perfect money-making opportunity for many of the brokers came during the recession when people’s savings were hit by low interest rates.
Potential investors became susceptible to the broker’s questionable approaches and promises of sky-high returns.
I worked at a type of brokerage known in the industry as a ‘spank shop’, operating from rented offices outside London or even in the City.
The brokers ‘spank’ or punish people over the phone by advising them to invest in certain commodities which make lots of money for the broker, but not the investor.
The broker sells the commodity for such a massive mark up that it eliminates any opportunity the investor has to make money. The industry gets young people, brainwashes them, shows them a high end lifestyle and trains them to pull private investors.
Brokerages want to hire people who are money-oriented, articulate and who speak the Queen’s English.
Their ideal is the young, hungry white guy. They want the most aggressive person, very manipulative and bullish, almost like a New York broker in the 1980s.
In the first interview they would ask: ‘Do you **** whores and sniff coke? Do not come and work here if you don’t.’
They might even ask the interviewee to sing a song. They want to see if they can bend them over a barrel and get them to do what they want.
Out of 10,000 brokers, 9,000 will be earning below the minimum wage. The majority will never succeed. The successful ones do not have a moral compass.
Most people drop out after a couple of years because they burn out but I know old school brokers who’ve done it since the 1980s.
We got trained by Jordan Belfort, the real-life Wolf of Wall Street. It cost £38,000 for an hour’s conference call with him from New York. Three different firms took part and there were 40 brokers in the room, sitting around a phone.
He’s big on ‘rapport building’. He shows how to apply pressure in the right places – how to manipulate people in a controlled way. In all cases, brokers try to find the person’s motive for investing.
When trust is established it’s very easy to make the ale or ‘load’ a client with a commodity. Loaders are a breed of broker and some can earn 40 per cent a deal on just the commission.
At one time carbon credits were the top commodities sold. Investors paid £6.50 for the credits – in fact worth nothing.
Now the spank shops are selling diamonds and rare earth metals. Brokers can quickly get greedy. A quantity of diamonds sold to a broker for £1,000 are sold on to the investor (or victim) for £40,000.
A lot of contracts between broker and investor include ‘exit confirmation’ – the date when the return on investment is expected. But in many cases those clauses are a lie.
A month or two before the exit strategy is due, the firm winds up and disappears.
The owners – criminals in sharp suits – will set up shop, trade for a bit, then the company will close, only for the brokers to open another one.
The next day they ring the same clients, but with different voices on the end of the phone. You might use a different name – nobody uses their real name.
Many on the Barclays list were born in the 1930s. Old people are perfect targets because they are more trusting and they haven’t got long left. You hope they die before your exit strategy comes up.
The spank shop industry is terrible and needs to be stamped out.
Barclays to sell customer data
Monday 24 June 2013
Barclays is to start selling information about 13 million customers’ spending habits to other companies, and has admitted it could share the data with government departments and MPs.
In letters being sent to customers, it is also outlining what details about them it holds and uses which, it said, “may include images of you or recordings of your voice”, as well as comments made in interactions with the bank on social media sites such as Twitter and Facebook. Barclays said it may collect “location data derived from any mobile device details you have given us” – suggesting it will be able to pinpoint where in the world a customer is at a particular moment in time.
However, the bank assured customers that any data it passed on to third-party companies would be aggregated to show trends, and that individuals would not be identifiable from it. A spokeswoman said there was “nothing sinister” going on, and added that it would not be profiteering from customers. Like most companies, Barclays has previously used customer data internally, but it has not shared it with third parties before. It is writing to current and savings account customers to let them know about the changes, which will take effect on 9 October….
Barclays Bank Cyber Theft: 8 Arrested For Allegedly Hacking Computer System, Stealing $2 Million
By GREGORY KATZ 09/20/13
LONDON — Eight men have been arrested on suspicion of stealing 1.3 million pounds ($2 million) from a Barclays bank branch by tapping into its computers, British police said Friday.
The gang is accused of installing a KVM device, or keyboard video mouse, on the bank’s computer system that allowed it to carry out the cyber theft.
The men, aged between 24 and 47, are being questioned about conspiracy to steal and conspiracy to defraud U.K. banks.
Police said cash, jewels and thousands of credit cards have been found in searches at addresses in the greater London area. They said the group operated out of a “control room” in central London that was being searched.
The arrests follow a failed attempt to use similar technology to rob the Santander bank last week. The same police investigators are handling both cases.
Detective Supt. Terry Wilson said one of the arrested men is the “Mr. Big” of British cybercrime.
Police suspect that in both cases a gang member posed as an engineer and installed a KVM on the bank’s computers that allowed the suspects, in the Barclays case, to gain information used to siphon money from the bank.
“That would allow them to log the keystrokes and the actual screen, so you could gather passwords and see how people log into their systems,” said Graham Cluley, an independent computer security analyst. “Then you could remotely access the computers as if you were sitting in front of it. Effectively, it’s like breaking into the bank in the middle of the night.”
Still, he said the bank’s anti-fraud systems were probably activated by the unusual transactions shortly after the money was taken from Barclays, allowing the bank to recover it quickly.
“Money was technically moved, but no lasting financial damage was done,” said Cluley, who believes the same suspects may have been behind the hacks at Barclays and Santander.
A Barclays executive said the bank acted “swiftly to recover funds” after the security breach at its Swiss Cottage branch in north London in April.
“We can confirm that no customers suffered financial loss as a result of this action,” said Alex Grant, the bank’s