Customer’s Data Leaked Out of a UK Loan Website

A security breach at Loans.co.uk, the Website of one of the UK's major loan firms, caused leakage of borrowers' personal details. The loan Website data included customers' names, addresses, date of birth, phone numbers, mortgage details, and loan applications.

In one statement, Loans.co.uk said that they came to know about information of some of their customers being given to certain loan companies outside their group. However, they did not have any evidence of the information being used for other purposes except for marketing.

The pilfered data was related to people who have applied for loan and the company is not aware of any customer's data being provided, the company said. The loan company's Website would not reveal the number of customers that have been affected or the way the breach occurred. But the company has notified all the customers potentially affected.

Mr. Stewart Cruse, a customer who received a notice from Loans.co.uk on September 4, 2007, said that he was disgusted with the event and also scared about what effect it could have on his life. Some criminal could be using his details to get credit cards or purchase expensive things, he apprehended. Thisiswindon reported this on September 12, 2007.

The loan firm approached Hertfordshire police who said the case was for the ICO (Information Commissioners Office).

According to a statement by Hertfordshire police, the ICO deals with any violation of section 55 of the data protection act, including abuse or resale of such private information. The police have no role in it. They also said that customers concerned about data theft should directly contact the Loans.co.uk. And that if any person believed there has been a fraudulent use of his/her personal data could report the case to the local police.

The incident should set an alarm for all businesses in the country. The companies must employ stricter working practices and other measures to safeguard confidential data, said Paul Skinner, senior ICT Underwriting Specialist at Chubb Insurance. ComputerWeekly published this in news on September 13, 2007.

The case also suggested the significance of protecting data wherever it belongs to failing which companies could risk action from industry bodies or the Information Commissioner damaging their reputation.

Related article: Customer Sues Sears For Data Breach

» SPAMfighter News - 9/28/2007