Halifax could face action from the Financial Services Authority over the loss of mortgage information
Halifax apologises for mortgage data leak
/v3-uk/news/1991668/halifax-apologises-mortgage-leak
27 Mar 2007, Ian Williams , V3
Sensitive mortgage information pertaining to 13,000 Halifax customers was stolen from an employee's car last week.
Halifax, part of banking group HBOS, has apologised to each of its affected customers and promised that nobody will be left out of pocket.
The stolen briefcase included documents containing customer account details which the employee used when liaising with mortgage intermediaries.
The personal data contained mortgage account information only. It did not include any bank account details, Pins, passwords or details of financial transactions, the bank stressed.
Around 1,800 of the relevant customer records included name, address, mortgage account number and balance. The remainder of the records listed the customer's name, mortgage account number and approval status.
Halifax could face action from the Financial Services Authority, which fined Nationwide almost £1m last month after the theft of an employee's laptop exposed major security flaws.
"We are very sorry for any inconvenience or upset we may have caused our customers. Lessons have been learnt, and we are reviewing our procedures as a matter of urgency," said Shane O'Riordain, general manager for group communications at Halifax.
"We have taken immediate steps to protect our customers. The relevant authorities were promptly told about what had happened. We are writing to all 13,000 customers today to inform them about this incident, to apologise, and to tell them what we are doing about it."
Jamie Cowper, a marketing manager at data encryption firm PGP Corporation, said: "While this is a situation that clearly could have been avoided, Halifax should be commended for being so upfront and notifying its customers immediately.
"But in this day and age, when we have a multitude of devices better equipped to store such information, should companies still be storing confidential details in paper format?"
Andrew Pearson, executive vice president at IT consultancy Workshare, warned that high profile data leaks are becoming increasingly common.
"While technology is often blamed for data leakage, the Halifax case highlights the risks of taking any information outside a company, whether on a portable device like a laptop, or a more traditional briefcase.
"These kinds of leaks can be incredibly damaging, not just for the people whose details have been lost or stolen, but for the business in terms of damage to reputation and breach of regulations.
"Companies need to put measures in place to ensure that corporate and customer details are always protected."
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Halifax not improving
When I got divorced i went to the Halifax for a new mortgage, but they were £200 per month dearer than the offer I had 'because I was an existing customer'. When my ex-wife went for her mortgage they gave her all the details of my offer because we had the same surname and they got the wrong person. Security is evidently not a priority.
Posted by Geoffrey Mullen, 28 Mar 2007
Halifax
You should contact Halifax under breach of data protection. I am currently on to them as they lost my personal information last week (bank statement, council tax bill - all originals with my mortgage application number noted on them) they said that it is unlikely it has been sent out to another customer (but they cant guarantee it ?!?) currently with complaints department under data protection breach
Posted by Lorraine, 03 Apr 2007