Barclay Bank: 27,000 files leaked in worst breach of bank data ever

  • Cache of personal and financial details  stolen and sold to rogue traders
  • Unscrupulous dealers ‘used information to  pressure investors into scams’
  • Bank thanked Mail on Sunday for  revelation and launched investigation
  • Barclays now face unlimited fines for not protecting customer information
  • Former City broker blew the whistle on  the files to stop problem growing

ByIan Gallagherand Stephanie Condronand Simon Watkins

PUBLISHED:          17:00  EST, 8 February 2014

Reeling: Barclays launched an urgent investigation into the security breach after the Mail on Sunday brought it to their attention

Reeling: Barclays launched an urgent investigation into  the security breach after the Mail on Sunday brought it to their  attention

Barclays Bank is reeling from  an unprecedented security breach after thousands of confidential customer files  were stolen and sold on to rogue City traders.

In the worst case of data loss from a British  High Street bank, highly sensitive information, including customers’ earnings,  savings, mortgages, health issues and insurance policies, ended up in the hands  of unscrupulous brokers.

The data ‘gold mine’ – also containing  passport and national insurance numbers – is worth millions on the black market  because it allowed unsuspecting individuals to be targeted in investment scams.

Barclays last night launched an urgent  investigation and promised to co-operate with police.

It is not clear how the records were stolen,  but the bank could face an unlimited fine if found guilty of putting customers’ details at risk.

The leak was exposed by an anonymous  whistleblower who passed The Mail on Sunday a memory stick containing files on  2,000 of the bank’s customers.

He claimed it was a sample from a stolen  database of up to 27,000 files, which he said could be sold by shady salesmen  for up to £50 per file.

‘This is the worst [leak] I’ve come across by  far,’ said the  former commodity broker. ‘But this illegal trade is going  on all the time in the City. I want to go public to stop it getting  bigger.’

Under the guidance of lawyers, this newspaper  has viewed a small selection of the files, which are effectively stolen goods.  Each report is about 20 pages long, and among the victims are doctors,  businessmen, scientists, a musician and a cleaner.

Barclays, which was fined £290 million in  2012 for its part in the Libor rigging scandal, said it would contact the  customers as soon as possible.

The loss is a breach of its obligation under  the Data Protection Act to keep personal information secure.

One of the victims, 69-year-old Janice  Snowling, from Maldon, Essex, said: ‘I’m really angry. I think we should get  some sort of compensation. It’s outrageous. The banking industry is the  pits.’

All the customers had sought financial advice  from the bank, and passed on their details during meetings with an adviser. The  consultations included filling out questionnaires – or ‘psychometric tests’ – which revealed their attitude to risk.

That information could be exploited to  persuade victims to buy into questionable investments.

Revealing: Large amounts of data were made available in the lost files. All sensitive information here has been redacted

‘The data is a gold mine for traders because  it is so incredibly detailed. It gets them inside the customer’s head,’ said the  whistleblower, who is prepared to make a statement to police.

Until last year he was working alongside a  firm of brokers which, he said, regularly tried to get people to invest in ‘all  manner of dodgy schemes’.

He said select traders were given the ‘Barclays leads’ which they exploited to the full. ‘They would start by saying  that they had a great investment opportunity that would suit someone on a  particular income or with a particular amount of money to invest.

‘Of course, they already knew this about the  person they were talking to.’

The whistleblower first became aware of the  Barclays leads in September when the boss of the brokerage firm asked him to  sell them to other traders. ‘The obvious question I asked was, “These are  fantastic leads, why are you not using them yourself?”

‘He replied, “We have – sell it as secondary  data.” He had got all he could out of them. New, they were worth £50 per file.  He asked us to sell for £8.’

The whistleblower showed the leads to a  select group of brokers ‘who thought they were amazing’, but eventually decided  not to sell.

‘My conscience got the better of me. It was  all just so wrong,’ he said. ‘I wasn’t a broker myself at this stage, but I had  a business link to the firm.’

Between December 2012 and September 2013 the  firm persuaded victims to buy rare earth metals that did not exist, it is  claimed. The whistleblower estimates up to 1,000 people could have been ‘scammed’.

When the investors began to suspect they were  being fleeced he said the boss chose to ‘shut the trading floor’.

‘His orders were to get rid of the evidence,  to show that we were never there. We bleached the desks so his DNA was not in  the office. We destroyed his laptop and 15 bags of paperwork. We wiped the  computers. During this fiasco he asked me, “Have you got the Barclays leads?” I  said, “No, I haven’t, they must have been destroyed”.

‘But I kept them because I thought the whole  thing had gone too far. I want to stop it now, to tell people what was  happening.’

'Appalled': These victims were shocked to find out their details were available to unscrupulous figures

+5

Barclays said in a statement: ‘We are  grateful to The Mail on Sunday for bringing this to our attention and we  contacted the Information Commissioner and other regulators on Friday as soon as  we were made aware.

‘Our initial investigations suggest this is  isolated to customers linked to our Barclays Financial Planning business, which  we ceased  in 2011.

‘We will take all necessary steps to contact  and advise those customers as soon as possible so that they can also ensure the  safety of their personal data.

‘Protecting customers’ data is a top priority  and we take this issue extremely seriously. This appears to be criminal action  and we will co-operate with the authorities on pursuing the  perpetrator.

‘We would like to reassure all of our  customers  that we have taken every practical measure to ensure that  personal and financial details remain as safe and secure as  possible.’

The Mail on Sunday has arranged to pass on  the data to the Information Commissioner’s Office. A spokesman said: ‘We’ll be  working with The Mail on Sunday this week as well as working with the  police.’

It is not the first data loss by a leading  bank, but the depth of the data included in this case outstrips anything else  uncovered so far. The Information Commissioner’s Office can impose fines of up  to £500,000 on organisations that fail to protect private data.

But the City watchdog the Financial Conduct  Authority can levy unlimited fines.

In 2009 HSBC was fined £3million after parts  of its business were found to have been ‘careless’ in handing customers’ data  when discs were lost in the post; and in 2010 the UK arm of Zurich Insurance was  fined £2.275 million after it lost 46,000 customers’ data.

In neither case was the data thought to have  fallen into the wrong hands.

But the Barclays data appears to have been  actively stolen and ended up in the hands of unscrupulous  salesmen.

The revelation comes as the bank is bracing  itself for a row over bonuses, with as much as £2.4 billion set to be handed out  to staff.

STOLEN FILES WERE PURE GOLD… THEY GAVE  BROKERS AN EDGE OVER POTENTIAL INVESTORS – BY FORMER BROKER WHO EXPOSED TRADE IN  STOLEN DATA

Anonymous: A former broker who was given the lost data to sell went public to stop the practice growing

Anonymous: A former broker who was given the lost data  to sell went public to stop the practice growing

I was given the Barclays ‘leads’ after they  had been ‘rinsed’ – or used up – and told to sell them to other  brokers.

In the end, I didn’t do this because I  thought it was wrong – and by that time I’d had enough of the whole  business.

There is no question that the Barclays data  was used, though. It was pure gold to brokers (who must have made a fortune out  of it) because it gave them a psychological edge over potential investors – their victims.

Because of its detail it allowed the brokers  to get inside the minds of their targets. They knew exactly how much money these  people were prepared to invest and their attitude to risk.

They knew everything about them and tailored  their strategy accordingly. I was told only the best brokers were given the  Barclays leads – these are the most manipulative people.

There are a lot of good people in the  brokerage industry but also a lot of undesirables. I know plenty of drug dealers  who got involved because they realised they could make more money in the City  than they could on the streets.

The perfect money-making opportunity for many  of the brokers came during the recession when people’s savings were hit by low  interest rates.

Potential investors became susceptible to the  broker’s questionable approaches and promises of sky-high  returns.

I worked at a type of brokerage known in the  industry as a ‘spank shop’, operating from rented offices outside London or even  in the City.

The brokers ‘spank’ or punish people over the  phone by advising them to invest in certain commodities which make lots of money  for the broker, but not the investor.

The broker sells the commodity for such a  massive mark up that it eliminates any opportunity the investor has to make  money. The industry gets young people, brainwashes them, shows them a high end  lifestyle and trains them to pull private investors.

Brokerages want to hire people who are  money-oriented, articulate and who speak the Queen’s English.

Their ideal is the young, hungry white guy.  They want the most aggressive person, very manipulative and bullish, almost like  a New York broker in the 1980s.

Our guru: The trader revealed how they were trained by Jordan Belfort, the 'Wolf of Wall Street', portrayed here by Leonardo DiCaprio

Our guru: The trader revealed how they were trained by  Jordan Belfort, the ‘Wolf of Wall Street’, portrayed here by Leonardo  DiCaprio

In the first interview they would ask: ‘Do  you **** whores and sniff coke? Do not come and work here if you  don’t.’

They might even ask the interviewee to sing a  song. They want to see if they can bend them over a barrel and get them to do  what they want.

Out of 10,000 brokers, 9,000 will be earning  below the minimum wage. The majority will never succeed. The successful ones do  not have a moral compass.

Most people drop out after a couple of years  because they burn out but I know old school brokers who’ve done it since the  1980s.

We got trained by Jordan Belfort, the  real-life Wolf of Wall Street. It cost £38,000 for an hour’s conference call  with him from New York. Three different firms took part and there were 40  brokers in the room, sitting around a phone.

He’s big on ‘rapport building’. He shows how  to apply pressure in the right places – how to manipulate people in a controlled  way. In all cases, brokers try to find the person’s motive for  investing.

When trust is established  it’s very  easy to make the ale or ‘load’ a client with a commodity. Loaders are a breed of  broker and some can earn 40 per cent a deal on just the  commission.

At one time carbon credits were the top  commodities sold. Investors paid £6.50 for the credits – in fact worth  nothing.

Now the spank shops are selling diamonds and  rare earth metals. Brokers can quickly get greedy. A quantity of diamonds sold  to a broker for £1,000 are sold on to the investor (or victim) for £40,000.

A lot of contracts between broker and  investor include ‘exit confirmation’ – the date when the return on investment is  expected. But in many cases those clauses are a lie.

A month or two before the exit strategy is  due, the firm winds up and disappears.

The owners – criminals in sharp suits – will  set up shop, trade for a bit, then the company will close, only for the brokers  to open another one.

The next day they ring the same clients, but  with different voices on the end of the phone. You might use a different name – nobody uses their real name.

Many on the Barclays list were born in the  1930s. Old people are perfect targets because they are more trusting and they  haven’t got long left. You hope they die before your exit strategy comes up.

The spank shop industry is terrible and needs  to be stamped out.

Read more: http://www.dailymail.co.uk/news/article-2554875/Barclays-account-details-sale-gold-27-000-files-leaked.html#ixzz2snPs6ljC Follow us: @MailOnline on Twitter | DailyMail on Facebook

~~~

Barclays to sell customer data

 – The Guardian,

Monday 24 June 2013

Barclays is to start selling information about 13 million customers’ spending habits to other companies, and has admitted it could share the data with government departments and MPs.

In letters being sent to customers, it is also outlining what details about them it holds and uses which, it said, “may include images of you or recordings of your voice”, as well as comments made in interactions with the bank on social media sites such as Twitter and Facebook. Barclays said it may collect “location data derived from any mobile device details you have given us” – suggesting it will be able to pinpoint where in the world a customer is at a particular moment in time.

However, the bank assured customers that any data it passed on to third-party companies would be aggregated to show trends, and that individuals would not be identifiable from it. A spokeswoman said there was “nothing sinister” going on, and added that it would not be profiteering from customers. Like most companies, Barclays has previously used customer data internally, but it has not shared it with third parties before. It is writing to current and savings account customers to let them know about the changes, which will take effect on 9 October….

Continued: http://www.theguardian.com/business/2013/jun/24/barclays-bank-sell-customer-data

~~~

Barclays Bank Cyber Theft: 8 Arrested For Allegedly Hacking Computer System, Stealing $2 Million

By GREGORY KATZ  09/20/13

LONDON — Eight men have been arrested on suspicion of stealing 1.3 million pounds ($2 million) from a Barclays bank branch by tapping into its computers, British police said Friday.

The gang is accused of installing a KVM device, or keyboard video mouse, on the bank’s computer system that allowed it to carry out the cyber theft.

The men, aged between 24 and 47, are being questioned about conspiracy to steal and conspiracy to defraud U.K. banks.

Police said cash, jewels and thousands of credit cards have been found in searches at addresses in the greater London area. They said the group operated out of a “control room” in central London that was being searched.

The arrests follow a failed attempt to use similar technology to rob the Santander bank last week. The same police investigators are handling both cases.

Detective Supt. Terry Wilson said one of the arrested men is the “Mr. Big” of British cybercrime.

Police suspect that in both cases a gang member posed as an engineer and installed a KVM on the bank’s computers that allowed the suspects, in the Barclays case, to gain information used to siphon money from the bank.

“That would allow them to log the keystrokes and the actual screen, so you could gather passwords and see how people log into their systems,” said Graham Cluley, an independent computer security analyst. “Then you could remotely access the computers as if you were sitting in front of it. Effectively, it’s like breaking into the bank in the middle of the night.”

Still, he said the bank’s anti-fraud systems were probably activated by the unusual transactions shortly after the money was taken from Barclays, allowing the bank to recover it quickly.

“Money was technically moved, but no lasting financial damage was done,” said Cluley, who believes the same suspects may have been behind the hacks at Barclays and Santander.

A Barclays executive said the bank acted “swiftly to recover funds” after the security breach at its Swiss Cottage branch in north London in April.

“We can confirm that no customers suffered financial loss as a result of this action,” said Alex Grant, the bank’s

http://www.huffingtonpost.com/2013/09/20/barclays-bank-cyber-theft_n_3960149.html

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s