The Bank of Scotland has been hit by a £75,000 fine over a snafu that led to it repeatedly faxing customers’ account details to the wrong people. Sensitive information included payslips, bank statements, account details and mortgage applications, along with customers’ names, addresses and contact details. The information was …
I had this EXACT problem.
Back in the days of modems, my parent's house kept getting lots of fax phone calls. We didn't have a fax. Most annoyingly, when it started, it would go on all day long, every five minutes. There was no way to identify who it was or stop it.
So, while I cobbled together some fax software for the modem, my brother phoned BT. They intercepted our phone line for an hour and then called us back. Turns out, some automated bank system somewhere had the wrong fax number plugged into it and it was sending us all the inter-branch faxes with customer details and all sorts. Damn shame I couldn't get the fax-modem working in time to collect it myself.
The BT engineer obviously had access to their phone lists and called their head office (because ringing back on the number that was sending was something we'd already tried and we just got a fax answer) direct. The problem was sorted in minutes after that because of the nature of the material, and the harassment of ourselves.
Nowadays, it would be a huge data protection fine. And it would have been only a few more minutes before I'd built a fax-modem that could receive them and then sent them to the head-office myself. The practice is still going strong, by the sounds of it, and they are still just as inept when it comes to typing in the phone numbers of the destination.
or slurp and sell the data for bitcoins.
But they're not a public body!
Surely a mistake?
Wetware in the Middle
You do wonder why in this day and age people are *still* printing out a document and walking across the office to then manually feed it into a machine before typing in a fax number.
Re: Wetware in the Middle
Because a minimum wage meatbag is easier to justify than having consultants in to tell you how changing processes and procedures at a cost of several hundred thousand pounds.
I used to live across from a Health Centre
GP surgery, that sort of thing.
One day I backed down the drive and across some sheets of paper strewn across the pavement. This being the day that the bins were emptied it wasn't too much of a surprise- the Seagulls go after the bins, and if these seagulls were any larger you could harness them and use them to take kids to school.
There were, however, many more sheets of paper than I'd have expected so I got out and had a look at what they were. Turns out they were medical records- presumably temporary copies or files on former members, etc- some recordset that was supposed to be destroyed.
I bundled them up, put them in what was left of a box containing yet more files, and went in to tell the staff what I'd found. They weren't in the slightest concerned, so I went to the police. Who also weren't in the slightest bit concerned. Didn't think of the data protection lot, I really should have!
Re: I used to live across from a Health Centre
In this day and age you would probably be locked up for accessing sensitive material that didn't belong to you.
A bunch of bankers
I think the correct collective noun is a wunch [of bankers]...
I got a good fax...
... from Orange. It was the proceedings of a disciplinary sacking of a member of staff for breaching a customer's privacy. It contained full details of the customer who complained, the staff member concerned and transcripts of several very sensitive meetings. Unbelievable.
Re: I got a good fax...
You should have faxed it back to them.
Re: I got a good fax...
"You should have faxed it back to them.", with the equivalent of "Pot, meet kettle!"
In a previous job I got a fax from a Police station containing details of a criminal case. I called them to let them know they were sending information to incorrect numbers. The girl on the other end of the phone politely apologised, promised they would sort it out and asked that I fax the information back to them so they could destroy it......
Sizable fine? £75k?
I don't think, in banking terms, that £75k is a sizable fine. Especially where customer details are involved.
Bank fined £75K
Pays for it in loose change.
Re: Bank fined £75K
That's so little it can probably be signed for by the local branch manager without additional approvals.
in the 21st century ? Really ????
Worked with a chap who was looking for a new job on the QT. Registered with an agency, whose first action was to email his CV to our company as a speculative punt. MD called him in and said "if you're not happy, you can go now" and fired him.
Re: ****ing faxes
You will be surprised, although the majority of ours just disappeared (When I found they were used once every year and thought screw it take em out and see if anyone complains) we still have to keep a few as many customers still send orders in and legal financy things.
I recently purchased a flat, the final holdup was a missing valuation report. I eventually got through to the valuer and they said they could send it by fax.
They could not send it to me (the guy on the phone) who has answered endless security questions by email but were quite happy to send it to a fax number they found online for my estate agent.
Why is this still considered secure?
There is an amazing level of idiocy out there.
I do not have a fax machine, but I do pay a small fee for a fax to email service so that I have a fax number.
Because I sometimes deal with people who will not email me certain documents and paperwork, but are happy to fax them, and who will not accept such things emailed, but will happily accept them faxed.
And I have told them exactly what I do. I don't think they quite understood.
£75k fine is a JOKE
They probably paid it by checking down the back of the sofa in the corporate rest room.
£75k PER INCIDENT might start to make them sit up and pay attention.
Let's not forget..
The complete farce that was the NHSNet (run by BT). In a previous life I had to deal with them when asking for filtering changes on our 3rd-party NHSNet connection.
They required you to email back a signed form.. I offered to fax it to them and discovered that they didn't have a fax machine (and got told that they couldn't accept it by fax anyway since "that wasn't a legal method")..
Once again the big corps get away with it, the rest suffer, more than fed up with this crap now, we need change!
Breach of DPA
To send a person’s financial records to the wrong fax number once is careless. To do so continually over a three-year period, despite being aware of the problem, is unforgivable and in clear breach of the Data Protection Act.
Now I don't know the details of the DPA but I guess even sending it once is a breach?
Sending records of that nature to the wrong fax number once is careless but doing so over a three year period and even when there is an ICO investigation going on is just plain negligent.
£75k is not a sizable fine.
Heads should roll over this.
Ten years ago I worked in a large office not far from a major RAF base and our phone number ranges differed only by the odd digit. We used to get callers asking to speak to Squadron Leader X and occasional faxes detailing flight movements. It's not much different from problems with emails where people accidentally select the wrong 'Mike' from their address list, with hilarious results.
I got a fax from an african prince once
Our vicar received a fax a few years ago headed SECRET asking for clarification on certain classified technical specifications regarding "his" tender for an MOD procurement project. The chap that turned up from the MoD was extremely apologetic.
One of our customers still asks what our fax number is (ours went in the bin long ago). They also require us to post their invoice to them rather than emailing a PDF as they require "a hard copy".
Quite how a printed copy of that PDF that has been handled by Royal Mail is any different to a printed copy from their office I don't know. I always used to email our contact in the accounts department "Hi, I've posted your invoice for the next quarter. I've attached a copy for your convenience."
That said, that's NOTHING compared to dealing with Japanese multinationals. For a country that is supposedly at the leading edge of tech this particular one wanted our entire web product offering rewritten to support IE5. No, not 6. 5. We declined their business.
"That said, that's NOTHING compared to dealing with Japanese multinationals. For a country that is supposedly at the leading edge of tech this particular one wanted our entire web product offering rewritten to support IE5. No, not 6. 5. We declined their business."
What you should have done is offered to do exactly what they wanted. At a suitable premium over the full cost of doing the work since it would be a total one-off. If they were that desperate then Ker-ching!
Years and a few companies ago I started receiving faxes on my voice line. It kept up so I started quickly forwarding them to the office fax machine which revealed they were being sent to a mortgage company and had all sorts of financial information. I called the mortgage company and asked them what was going on. They said they had the wrong number printed in the documentation they give out to people applying for mortgages as well as all their new business cards, so there really wasn't anything they could do about it since it would cost them quite a bit to change everything and perhaps I should just see about getting a new phone number if it was bothering me.
After that I started calling the people sending the faxes to let them know what was happening and why. A few irate customers later the mortgage company decided it was perhaps better to reprint their documentation and business cards.
Gronk, you could have had endless amounts of fun. The first barb should have been telling the mortgage company that you would be faxing their customers back with a message that their paperwork was misdirected. Those application packages can run to dozens of pages, the last thing that people will want is to have them "returned".
Canada Trust does it to me all of the time
I have a toll-free number on my incoming fax line. Canada Trust frequently sends me mortgage applications (to the tune of over 50 pages in the last month) and has for YEARS, despite my complaints. I've given up trying to notify them with an international phone call each time, so now when I get one I do a quick lookup on Facebook for the name and if I find a match that lists Canada Trust as employer I drop them a message about receiving their paperwork.
Stephen Eckersley was very Ernest in his remarks.
I think that's important.