A teenage bank worker who helped fraudsters fleece her wealthy customers out of nearly £500,000 in an 'alarmingly simple' sting was jailed for 18 months today.
Ruth Akinyemi, who was 18 at the time, leaked vital details including dates of birth and account passwords from the Barclays bank computer system.
- Why could a teenage bank worker access sensitive personal data (especially passwords) in the first place, without any check that she had a specific reason to do so? What else was she doing with this information? Why did the bank allow cash to be withdrawn based on such carelessly protected "secrets"?
- Why didn't Barclays' auditing procedures pick up her patterns of access to this data for further investigation? Why aren't customers notified on their monthly statements of bank staff access to their records, so they have a chance of picking up abuse?
- When will more businesses realise that such lax privacy controls can have extremely costly consequences?