The Bank of Scotland potential ID theft case, involving 62,000 mortgage customers, could have been avoided if the bank had employed encryption for its sensitive data.
According to Calum Macleod, European director for data vaulting and security specialist Cyber-Ark: “This case dramatically highlights the need for encryption of sensitive information by companies, especially where customer data is involved.”
In fact, a disk containing personal information on customers, including their names, addresses, date of birth and account details, went missing in the post whilst en-route to a credit reference agency.
As a result of the high profile data loss incident, the bank is writing to all affected customers warning them they could be victims of identity theft, and offering free credit reference checks.
“Considering the fact that the bank’s sister organisation, also had a similar incident last March, you’d think they would have reviewed their data security policies by now,” says Macleod.
And he adds: “Today many financial institutions have eliminated the risks associated with moving sensitive data via unsecured channels, using digital vaulting. If HBOS had deployed such technology they would have no need to move sensitive data in the way that they did.”
What about manufacturers? “In my experience of meeting many senior executives throughout Europe, from a range of different companies, it still comes as a surprise that so many are still using such archaic methods. The reality is that the technology required to eliminate these threats costs a fraction of the money that HBOS will now have to spend to recover from this single incident.”