UK COMMUNICATIONS WATCHDOG the Information Commissioner's Office (ICO) has fined the Bank of Scotland following a series of fax blunders.
The ICO said that the bank repeatedly sent faxes containing customer account details to the wrong people. It added that the bank did this consistently over a three year period.
For "repeatedly" faxing account details to the wrong recipients the ICO fined the bank £75,000, or £25,000 for each year that it exposed its customers' data over telecoms lines.
The ICO called this a serious case. We suspect some of the bank's larger customers have had overdrafts larger than the fine.
"The Bank of Scotland has continually failed to address the problems raised over its insecure use of fax machines. To send a person's financial records to the wrong fax number once is careless. To do so continually over a three year period, despite being aware of the problem, is unforgiveable and in clear breach of the Data Protection Act," said Stephen Eckersley, ICO head of enforcement.
"Let us not forget that this information would have been all a criminal would ever need to carry out identity fraud. Today's penalty reflects the seriousness of this case."
Information sent out over fax to the wrong people included such things as payslips, bank statements, mortgage applications, and account details. This is the sort of information that appeals to cyber criminals, carders and identity thieves.
Although it happened for three years, the mis-sent faxes were going to only two places, both of which were one phone number digit away from the intended recipient.
The first incident was reported in February 2009, and then again at other times during the three years.
"The security of our customers' data is always our key priority. We apologise that, due to human error, a very small number of documents relating to 32 customers were unfortunately misdirected," said the bank in a statement.
"This occurred over a period in which several million customer documents, using the same process, were correctly received. No customer suffered any harm or detriment as a result of this error. We are continually reviewing our processes to ensure our customers' information remains safe." µ
5G is on the horizon...
It's time for Microsoft's enterprise sales teams to shine
Decade-old flaw allows attackers to bypass victim's network firewall
Japanese gaming firm seeks up to $100m in damages