Goldfish Card Services card statement mailing error
Date Reported:
8/19/08
Organization:
Barclays Bank PLC
Contractor/Consultant/Branch:
Goldfish Card Services Limited
Unnamed printing vendor
Victims:
Customers
Number Affected:
"More than 17,000"
Types of Data:
Personal information including name, credit card number, and transaction history
Breach Description:
"Britain's biggest credit card company has sent out the wrong account details to thousands of customers."
Reference URL:
BBC News (Video)
ComputerWeekly.com
Money Mail
Report Credit:
BBC News
Response:
From the online sources cited above:
Barclays-owned credit-card firm Goldfish has sent the wrong account details to customers after a processing error at the printer the company uses to process statements.
More than 17,000 Barclaycard Goldfish credit card holders have received account statements containing personal information relating to other customers.
[Evan] Check out the BBC News online video; it gives some good perspective from a person who received an erred statement.
The company said a processing error meant the statements were printed incorrectly. The front page was correct, but subsequent pages contained the account information of other people.
[Evan] Typically errors don't just happen. It is more common that something changed, which leads me to question whether or not there were changes to the process that weren't adequately tested.
This includes the stranger's name, card number and previous transactions.
Barclaycard has blamed the blunder on a 'printing error' and says customers will shortly receive the correct statements as well as a written apology.
It insists there are not enough details for anyone to make a fraudulent transaction.
[Evan] There probably isn't a significant risk to the victims due to the fact that one person's account information was sent to one wrong person. This incident can't lend well to consumer confidence and corporate image though.
But the mix-up has done little to reassure customers that their account details are in safe hands.
Reader Roy Gosling, from Kent, says: 'This is very disturbing, particularly given all the fraud going on.'
Data protection watchdog the Information Commission Office has demanded an explanation from Barclaycard and wants to know what steps it is taking to prevent a similar incident.
A spokesman says: 'Failure to adequately protect personal details could lead to information falling into the wrong hands and ultimately the loss of customers' trust and confidence.'
A Barclaycard spokesman says: 'We would like to apologise to customers for this error and reassure them that the protection of customer data is extremely important to us and we are treating this very seriously.'
[Evan] What else would Barclaycard say?
'We are taking steps to ensure that this does not happen again.'
[Evan] Like?
The incident has highlighted the importance of financial services firms checking the processes and procedures of companies to which they outsource back office functions.
[Evan] I agree. This incident and many others like it highlight this importance. Organizations need to understand that third-party vendors, contractors, and partners need to be included within the protection domain. Sensitive information flowing to and from these third parties needs to be protected in a manner consistent with the protections within the organization itself. Oftentimes these protections are enforced through policy, contractual language and ongoing assessment.
According to the Financial Service Authority's (FSA) Data Security in Financial Services 2008 report, which analysed 39 companies across the sector, nearly all firms questioned rely on IT support from third parties.
The financial services watchdog said it was a "major concern" that firms are not checking that outsourcing suppliers have the right IT security and policies in place for handling their customers' details.
[Evan] Bingo
Commentary:
While I don't think that this particular incident poses a significant risk to the customers involved, it does give us a good example of how important it can be for organizations to ensure some level of information protection with third-party consultants, contractors, vendors, partners, etc.
Past Breaches:
Unknown
