The Daily Mail report states that the personal details of 13,000 Barclays customers were in the hands of fraudsters for up to seven years, it emerged last night.
The treasure trove of information – including names, dates of birth and addresses – was on a memory stick found by chance in a police raid.
The data extended even to jobs, salaries, debts, insurance policies, mortgages and passport and national insurance numbers. It is feared that thieves may have made multiple copies of the sensitive files.
Furious customers rang the Mail to denounce Barclays for offering just £250 in compensation for the appalling breach.
‘It’s a total insult,’ said Anthony Gibson of Scarborough. ‘I have not had a proper explanation of who was responsible for this data theft and why, as presumably neither have thousands of their loyal clients.’
The memory stick was found in February when police arrested a man in Brighton on suspicion of ticket fraud. The information, which dates from 2008, came from a defunct Barclays unit that sold investments and pensions.
Other details included the results of psychometric tests about customers’ attitude to risk – which could be exploited by fraudsters cold calling people in investment scams.
Over the past few weeks Barclays has written to all affected customers with the offer of compensation.
Mark Garnier, a Tory member of the Commons Treasury committee, said: ‘Barclays must accept any losses incurred by customers as a result of this pretty colossal breach of trust.
‘This is appalling and will cause even more reputational damage for the lender.’
John Mann, a Labour member of the same committee, said: ‘This breach is extraordinary and has endangered thousands of customers. The level of compensation is clearly inadequate. We have no idea who this data has been sold on to.
‘Banks thrive because they are meant to be reliable. This undermines the whole concept of the bank.’
Last year another memory stick was discovered containing encrypted files with information on 2,000 Barclays customers.
The bank is thought to be investigating whether the data in both breaches was stolen by an employee.
Barclays says there is no evidence the files have been exploited by fraudsters.
It added that customers will be able to check their credit records for free for 12 months to ensure there has been no unusual activity. In the letter apologising for the debacle, Matt Hammerstein, Barclays director of customer experience, says: ‘We regret to inform you that a copy of some historic information you provided to Barclays Financial Planning has been recovered by police during a criminal investigation unrelated to Barclays. We are very sorry this has occurred.’ A spokesman for the Information Commissioner’s Office, which investigates breaches of the Data Protection Act, said: ‘We are aware of the incident and we will be making enquiries.’
‘It is simply a separate USB data stick that was not received at that point in time and was recently discovered by the police. We have proactively contacted the affected customers to apologise, as well as to offer them enhanced fraud protection and monitoring. We have also proactively reviewed all data that we hold to see if we can see any sign of suspicious activity and will continue to do that. We continue to co-operate with the relevant authorities on pursuing those responsible for this criminal act.’