Halifax apologises for mortgage data leak

Halifax could face action from the Financial Services Authority over the loss of mortgage information

Sensitive mortgage information pertaining to 13,000 Halifax customers was stolen from an employee's car last week. 

Halifax, part of banking group HBOS, has apologised to each of its affected customers and promised that nobody will be left out of pocket. 

The stolen briefcase included documents containing customer account details which the employee used when liaising with mortgage intermediaries.

The personal data contained mortgage account information only. It did not include any bank account details, Pins, passwords or details of financial transactions, the bank stressed.

Around 1,800 of the relevant customer records included name, address, mortgage account number and balance. The remainder of the records listed the customer's name, mortgage account number and approval status.

Halifax could face action from the Financial Services Authority, which fined Nationwide almost £1m last month after the theft of an employee's laptop exposed major security flaws.

"We are very sorry for any inconvenience or upset we may have caused our customers. Lessons have been learnt, and we are reviewing our procedures as a matter of urgency," said Shane O'Riordain, general manager for group communications at Halifax.

"We have taken immediate steps to protect our customers. The relevant authorities were promptly told about what had happened. We are writing to all 13,000 customers today to inform them about this incident, to apologise, and to tell them what we are doing about it."

Jamie Cowper, a marketing manager at data encryption firm PGP Corporation, said: "While this is a situation that clearly could have been avoided, Halifax should be commended for being so upfront and notifying its customers immediately. 

"But in this day and age, when we have a multitude of devices better equipped to store such information, should companies still be storing confidential details in paper format?"

Andrew Pearson, executive vice president at IT consultancy Workshare, warned that high profile data leaks are becoming increasingly common. 

"While technology is often blamed for data leakage, the Halifax case highlights the risks of taking any information outside a company, whether on a portable device like a laptop, or a more traditional briefcase.

"These kinds of leaks can be incredibly damaging, not just for the people whose details have been lost or stolen, but for the business in terms of damage to reputation and breach of regulations.

"Companies need to put measures in place to ensure that corporate and customer details are always protected."