Monday, September 15, 2008

Lack of privacy controls costs Barclays £500,000

The Daily Mail reports:
A teenage bank worker who helped fraudsters fleece her wealthy customers out of nearly £500,000 in an 'alarmingly simple' sting was jailed for 18 months today.

Ruth Akinyemi, who was 18 at the time, leaked vital details including dates of birth and account passwords from the Barclays bank computer system.

Some questions:
  1. Why could a teenage bank worker access sensitive personal data (especially passwords) in the first place, without any check that she had a specific reason to do so? What else was she doing with this information? Why did the bank allow cash to be withdrawn based on such carelessly protected "secrets"?

  2. Why didn't Barclays' auditing procedures pick up her patterns of access to this data for further investigation? Why aren't customers notified on their monthly statements of bank staff access to their records, so they have a chance of picking up abuse?

  3. When will more businesses realise that such lax privacy controls can have extremely costly consequences?

1 comment:

Bertil Hatt said...

Isn't that obvious? Because 18 y.o. who have to do IT management for a bank instead of going to the university need the money more than a bank in the midst of a financial crisis. That's Robin Wood 2.0 for you.