Skipton blunder reveals account details of 3,000 customers
Share
Skipton Building Society has admitted a data blunder which saw 3,000 customers’ account details sent out to other customers.
The building society says a printing error was to blame for customer account details being printed on the back of other customers’ statements.
In 2007, the FSA fined Nationwide Building Society £980,000 after a security breach following the theft of a laptop from an employee’s home.
The affected Skipton letters included the name, account number, balance and interest earnings of other customers.
Skipton says that the information on the back of the letters would not be sufficient to withdraw funds as they are passbook accounts, which require a signature and cannot be accessed via the internet.
In a statement Skipton says: “A third party printer error occurred last weekend resulting in a small percentage of our customers being mailed receiving some incorrect information on their statements.
“The name and account balance of different customers were printed on the reverse of the letters received by 3,115 customers out of a mailing list of 108,000. This did not include the other customers’ address, date of birth or other identifying details. The risk to affected customers is negligible because of this, and the fact that these are passbook accounts which also require a customer signature for withdrawals and are not accessible via the internet.
“Nevertheless, we are writing to those affected to apologise and to reassure them that the correspondence contained insufficient information to enable any unauthorised transactions on their accounts. We are also offering to change the account numbers of any customers seeking additional peace of mind.”
The news comes after Skipton last month came under fire for its decision to scrap the ceiling and hike its standard variable rate from 3.5 per cent to 4.95 per cent.
Skipton also recently announced that 90 staff are at risk of redundancy in a restructure.
Last week Money Marketing revealed that the FSA had accidentally revealed the email addresses of hundreds of IFAs in a mass mail out by failing to use the BCC function.
If you enjoyed this article, sign up here to receive daily email updates from Money Marketing and Follow @_moneymarketing
Readers' comments (9)
Anonymous | 2 Feb 2010 10:04 am
It's all about security!! I can't believe no one noticed before these statements left the department or was it all done by machines.
If I were a member of staff of the Skipton I'd be out looking for a job!!!!
It's frightening to think once IFA's have been kicked off this planet the Banks will have full control - god help us!!
Unsuitable or offensive? Report this comment
Dermot Brannigan | 2 Feb 2010 10:25 am
This is something that continually frustrates me.
There are countless brokers who have been fined because the firm did not have the systems in place to "identify fraud" and therefore were "putting their customers at risk".
Well, clearly Skipton did not have the systems in place to recognise this, and the FSA too, last week.
If the FSA are not going to fine Skipton, then the least the Building Society should do is make a charitable donation to that effect
Unsuitable or offensive? Report this comment
gav10 | 2 Feb 2010 10:26 am
...Er yes Anon that would the the Building Society turned IFA known as Skipton Financial Services? ie the Skipton group!
Any large organisation can make mishtakes like this.
Unsuitable or offensive? Report this comment
Glen McKeown | 2 Feb 2010 10:53 am
Infallibility isn't a trait commonly known in man - or machine. So mistakes will happen.
What I fail to understand is why, after 25 years of regulation, is there appear to be so few fail-safe systems in financial institutions.
We know that, in general, the administration of financial institutions is an example to be shown to the world - on how not to do it.
The FSA over recent months have levied millions on administration lapses. so can anyone explain why, after 25 years of regulation, these lapses should still be so prevalent. Is it the fact that the cost of the lapse, including fines, is still less, in the long run than having a properly trained and run administration department.
I would have thought that to be a necessary requirement in TCF.
So can anyone out there explain
Unsuitable or offensive? Report this comment
John Harding | 2 Feb 2010 11:17 am
There is always the possibility of 'human error' even in what they would have us believe is the 'bureaucratically perfect' world of the FSA.
Be interesting to see what the regulatory take on this is going to be after their own 'accident'.
Should they attempt to censure the Skipton in any way they will be pretty much obliged to explain what they have done about their own inadequacies.
Obviously just tinkering with their 'systems' does not suffice. Their standard reaction to such mistakes is to demand money by way of a 'fine', for failing to have sufficiently robust 'systems' in place to prevent human error.
The FSA can hardly fine themselves! In any case this would not be any form of sanction as they would just take the money from the very IFA's who's addresses they have promulgated. The only course of action available to the FSA is to penalise the staff responsible, including those right at the top who failed to put in place the, obviously necessary, systems!
Nothing will happen of course, they have form in not disciplining (ie: sacking) those responsible for even a total systems failure in their bank regulation. Even a muffled 'Sorry' had to be dragged out of Mr Sants.
Only sensible course for the regulator is a quiet word in the ear of the Skipton CEO, otherwise the FSA's credibility will take a further knock.
Unsuitable or offensive? Report this comment
Anonymous | 2 Feb 2010 11:26 am
Solution here.FSA fine Skipton jumbo fine to pay for FSA bonuses and hotel bills,Skipton then jack up SVR (again!!!) to pay for it,and therefore everybody happy,apart from dear old Joe Public who once again pays through the hooter.
Unsuitable or offensive? Report this comment
Jim Payne | 2 Feb 2010 12:23 pm
Why should the FSA staff be getting bonuses anyway 'Anon. 11.26'?
Also as the regulator is supposed to be there to 'protect consumer interests' it would also be a case of the 'pot' calling the 'kettle' black as well.
Unsuitable or offensive? Report this comment
Anonymous | 2 Feb 2010 12:39 pm
This is not the first time Skipton has had data security problems. In December 2007 it was reported that Skipton Financial Services had lost details of 14,000 customers when a computer was stolen from an IT contractor - see TIMESONLINE 21 December 2007.
Unsuitable or offensive? Report this comment
Anonymous | 2 Feb 2010 1:34 pm
Don't worry about it, the FSA do it all the time, but they do not have to answer to anyone!!!
Unsuitable or offensive? Report this comment